CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/20 1:25 a.m.•15 views

CVE-2026-6549

Technical details about CVE-2026-6549 are not publicly available in the provided documents; monitor for updates.

6.4CVSS6AI score0.00034EPSS

Exploits0References4

ATTACKERKB•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-8038

The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS6AI score0.00032EPSS

Exploits0References4

Cvelist•added 2026/05/20 1:25 a.m.•38 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS0.00044EPSS

Vulnrichment•added 2026/05/20 1:25 a.m.•3 views

CVE-2026-6397 Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

EUVD•added 2026/05/20 1:25 a.m.•6 views

EUVD-2026-31017

ATTACKERKB•added 2026/05/20 1:25 a.m.•3 views

CVE-2026-6397

CVE•added 2026/05/20 1:25 a.m.•11 views

Exploits0References6

CVE-2026-6397

The WordPress Sticky plugin is affected up to version 2.5.6. In cvmh_sticky_front_render(), the readmoretext attribute from the cvmh-sticky shortcode is passed through apply_filters() and directly concatenated into HTML without escaping, enabling Stored Cross-Site Scripting. Exploitation requires...

EUVD•added 2026/05/20 12:31 a.m.•8 views

EUVD-2026-30995

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6AI score0.0001EPSS

Exploits0References4

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

RHEL 9 : glib2 (RHSA-2026:19459)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19459 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...

9.8CVSS6.6AI score0.0005EPSS

CNNVD•added 2026/05/20 12:0 a.m.•4 views

PhoenixStorybook 代码注入漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.5.0 to 1.1.0 had a code injection vulnerability. This vulnerability stemmed from uncleaned attribute value interpolation, which led to code...

9.5CVSS6AI score0.00406EPSS

Exploits0References2

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42190

Name of the Vulnerable Software and Affected Versions Cisco Nexus 3000 Series Switches versions prior to 10.61s Cisco Nexus 9000 Series Switches versions prior to 10.61s Description A flaw in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 and 9000 Series Switches in...

6.8CVSS5.8AI score0.00039EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42062

Name of the Vulnerable Software and Affected Versions Sticky versions prior to 2.5.7 Description The Sticky plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the cvmh sticky front render function fails to properly sanitize input and escape output for the...

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

Exploits0References8

PT-2026-42247

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

8.3CVSS5.8AI score0.00029EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•11 views

PT-2026-42069

Name of the Vulnerable Software and Affected Versions Logo Manager For Enamad versions prior to 0.7.5 Description The Logo Manager For Enamad plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6AI score0.00034EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

RHEL 9 : glib2 (RHSA-2026:19452)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19452 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...

9.8CVSS6.6AI score0.0005EPSS