CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7.4AI score0.85741EPSS

Exploits5References2

RedhatCVE•added 2026/02/05 1:22 a.m.•3 views

CVE-2026-24513

A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...

3.1CVSS5.4AI score0.00015EPSS

Exploits0References1

OSV•added 2026/02/04 12:30 a.m.•1 views

GHSA-4G2F-XCPH-2335 ingress-nginx has Improper Check for Unusual or Exceptional Conditions

3.1CVSS5.5AI score0.00015EPSS

Exploits0References3

OSV•added 2026/02/03 11:16 p.m.•0 views

CVE-2026-24513

3.1CVSS5.7AI score

Exploits0References1

NVD•added 2026/02/03 11:16 p.m.•4 views

CVE-2026-24513

3.1CVSS0.00015EPSS

Exploits0References1

Cvelist•added 2026/02/03 10:17 p.m.•23 views

CVE-2026-24513 ingress-nginx auth-url protection bypass

3.1CVSS0.00015EPSS

Exploits0References1

CVE•added 2026/02/03 10:17 p.m.•29 views

CVE-2026-24513

Ingress-NGINX contains a vulnerability where the protection of the auth-url Ingress annotation can be bypassed if a default custom-errors backend is configured with HTTP 401/403 and that backend incorrectly ignores the X-Code header. The built-in custom-errors backend functions correctly, but tri...

3.1CVSS5.5AI score0.00015EPSS

Exploits0References1

CNNVD•added 2026/02/03 12:0 a.m.•3 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability arises from the protection provided by the auth-ur...

3.1CVSS7.2AI score0.00015EPSS

Exploits0References1

NVD•added 2025/12/19 7:15 p.m.•3 views

CVE-2025-14964

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

10CVSS0.00951EPSS

Exploits1References5

OSV•added 2025/12/19 7:15 p.m.•1 views

CVE-2025-14964

9.3CVSS6.4AI score0.00951EPSS

Exploits1References5

NVD•added 2025/11/05 6:15 a.m.•10 views

CVE-2025-11749

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract th...

9.8CVSS0.85741EPSS

Exploits5References3

CVE•added 2025/11/05 5:31 a.m.•38 views

CVE-2025-11749

The WordPress AI Engine plugin (≤ 3.1.3) is vulnerable to unauthenticated sensitive information exposure via the REST API endpoints under /mcp/v1/ when No-Auth URL is enabled. This allows attackers to retrieve the Bearer Token, enabling session hijacking and actions such as creating an administra...

9.8CVSS6AI score0.85741EPSS

In wildExploits5References3

Cvelist•added 2025/11/05 5:31 a.m.•13 views

CVE-2025-11749 AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

9.8CVSS0.85741EPSS

Exploits5References3

VulnCheck KEV•added 2025/11/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2025-11749

9.8CVSS5.8AI score0.85741EPSS

In wildExploits5References3

Veracode•added 2025/04/02 11:26 p.m.•13 views

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation and sanitization of user-supplied input in the auth-url Ingress annotation, allowing attackers to inject arbitrary nginx configuration directives...

8.8CVSS9.6AI score0.47478EPSS

Exploits8References9Affected Software1

SUSE CVE•added 2025/03/29 3:3 a.m.•7 views

SUSE CVE-2025-24514

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS7.6AI score0.47478EPSS

Exploits8References5

OSV•added 2025/03/26 7:24 a.m.•13 views

BIT-NGINX-INGRESS-CONTROLLER-2025-24514 ingress-nginx controller - configuration injection via unsanitized auth-url annotation

8.8CVSS9.3AI score0.47478EPSS

Exploits8References4

OSV•added 2025/03/25 7:38 p.m.•10 views

GO-2025-3566 ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx

ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

8.8CVSS8.7AI score0.47478EPSS

Exploits8References6

Rapid7 Blog•added 2025/03/25 4:10 p.m.•6 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

9.8CVSS8.2AI score0.9113EPSS

Exploits21

OSV•added 2025/03/25 12:15 a.m.•0 views

CVE-2025-24514

8.8CVSS6.2AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by