CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8368 matches found

OSV•added 2026/05/14 12:0 a.m.•4 views

ALSA-2026:17481 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

7.8CVSS5.8AI score0.00027EPSS

Exploits1References4

Cvelist•added 2026/05/13 8:50 p.m.•31 views

CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS0.00051EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 8:50 p.m.•3 views

CVE-2026-44381

9.3CVSS5.9AI score0.00051EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/13 8:50 p.m.•18 views

CVE-2026-44381

MISP (open source threat intelligence platform) prior to version 2.5.37 contains a SQL injection vulnerability in handling of user-controlled ordering parameters on the event and shadow attribute listing endpoints. The affected code accepts order/sort values from request parameters and injects th...

9.3CVSS5.9AI score0.00051EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/13 4:16 p.m.•7 views

CVE-2026-44665

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.0001EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 3:24 p.m.•3 views

CVE-2026-44665

6.1CVSS5.8AI score0.0001EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/13 3:24 p.m.•22 views

CVE-2026-44665

Summary of CVE-2026-44665 details (from provided sources): The vulnerability affects the fast-xml-builder library, where input data containing quotes in attribute values, if the processEntities flag is not enabled, can cause an attribute value to be split into multiple attributes. This enables an...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References1

Cvelist•added 2026/05/13 3:24 p.m.•26 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

6.1CVSS0.0001EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 2:21 p.m.•6 views

CVE-2026-6247

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00032EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 2:21 p.m.•7 views

CVE-2026-4920

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6AI score0.00032EPSS

Exploits0References1

OSV•added 2026/05/13 12:6 p.m.•8 views

RLSA-2026:15969 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

6.5CVSS6.6AI score0.0005EPSS

Exploits0References3

Rockylinux•added 2026/05/13 12:6 p.m.•10 views

glib2 security update

An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and...

9.8CVSS5.8AI score0.0005EPSS

Exploits0

Rockylinux•added 2026/05/13 12:3 p.m.•9 views

glib2 security update

An update is available for glib2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and applicatio...

9.8CVSS5.8AI score0.0005EPSS

Exploits0

NVD•added 2026/05/13 8:16 a.m.•3 views

CVE-2026-3004

The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00034EPSS

Exploits0References4

NVD•added 2026/05/13 8:16 a.m.•6 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS0.00037EPSS

Exploits0References4

CVE•added 2026/05/13 7:44 a.m.•16 views

CVE-2025-14767

CVE-2025-14767 affects the WordPress plugin WPC Badge Management for WooCommerce (versions ≤ 3.1.6). The vulnerability is a Stored Cross-Site Scripting via the 'text' attribute of the wpcbm_best_seller shortcode, caused by insufficient input sanitization and output escaping. Authenticated attacke...

5.5CVSS6AI score0.00037EPSS

Exploits0References4