CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•4 views

Malicious code in boring-avatars-vanilla (npm)

5.8AI score

Positive Technologies•added 2026/05/04 12:0 a.m.•3 views

PT-2026-37168

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description Missing authorization in the content management system allows authenticated users to create, replace, or delete user avatars even when they lack the necessary permissions ...

5.3CVSS5.8AI score0.00008EPSS

Exploits0References10

NVD•added 2026/05/02 4:16 a.m.•1 views

CVE-2026-7638

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS0.00062EPSS

Exploits0References10

RedhatCVE•added 2026/04/29 2:48 p.m.•1 views

CVE-2026-39690

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS5.1AI score0.0004EPSS

CNNVD•added 2026/04/09 12:0 a.m.•3 views

dde-control-center 信任管理问题漏洞

dde-control-center is a control center for a deep desktop environment, open-sourced by Wuhan Deepin Technology Co.,Ltd. Versions of dde-control-center prior to 6.1.80 contained a trust management vulnerability. This vulnerability stemmed from the plugin-deepinid plugin skipping TLS certificate...

5.4CVSS5.8AI score0.00019EPSS

EUVD•added 2026/04/08 9:31 a.m.•0 views

EUVD-2026-20383

NVD•added 2026/04/08 9:16 a.m.•0 views

Exploits0References2

CVE-2026-39690

5.3CVSS0.0004EPSS

Vulnrichment•added 2026/04/08 8:30 a.m.•0 views

CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability

5.9AI score0.0004EPSS

Cvelist•added 2026/04/08 8:30 a.m.•17 views

CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability

5.3CVSS0.0004EPSS

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39690

CVE•added 2026/04/08 8:30 a.m.•4 views

Exploits0References2

CVE-2026-39690

CVE-2026-39690 concerns a Missing Authorization vulnerability in the WordPress plugin “Author Avatars List/Block” (

Positive Technologies•added 2026/04/08 12:0 a.m.•0 views

PT-2026-31252

CNNVD•added 2026/04/08 12:0 a.m.•3 views

Exploits0References3

WordPress plugin Author Avatars List/Block 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

5.3CVSS5.8AI score0.0004EPSS

Snyk•added 2026/03/25 9:17 p.m.•0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...

7.4CVSS6.5AI score0.00018EPSS

Exploits1References2

OSV•added 2026/03/19 10:16 p.m.•1 views

CVE-2026-32024

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

5.5CVSS6AI score