2673 matches found

CVE
added 2026/03/27 7:15 p.m., 7 views

CVE-2026-4972

The CVE-2026-4972 entry describes a cross-site scripting vulnerability in code-projects Online Reviewer System (up to version 1.0) affecting an unknown function in /system/system/students/assessments/databank/btn_functions.php. The issue arises from manipulation of the Description argument, allow...

CVSS 4.8 | AI score 4.2 | EPSS 0.00041
Exploits: 0 | References: 5
EUVD
added 2026/03/26 3:30 p.m., 2 views

EUVD-2018-21680

Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the...

CVSS 8.5 | AI score 6.5 | EPSS 0.00008
Exploits: 1 | References: 4
RedhatCVE
added 2026/03/26 3:7 p.m., 1 views

CVE-2026-4120

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

CVSS 6.4 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:6 p.m., 1 views

CVE-2026-4086

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/26 12:0 a.m., 1 views

PT-2026-28465

Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack. Before version 2026.02.0, even after a RemoteStop StopTransaction is performed by the CSMS, the EVSE can return to PrepareCharging through the EV’s BCB...

CVSS 5.2 | AI score 5.9 | EPSS 0.0001
Exploits: 1 | References: 4
Hacker One
added 2026/03/24 3:3 p.m., 5 views

Nextcloud: PIN bypass in PassCodeActivity via back button

A vulnerability was discovered in the PassCodeActivity of a certain application. The vulnerability allowed bypassing the PIN code by pressing the back button...

CVSS 4.6 | AI score 5.5 | EPSS 0.00009
Exploits: 0
Patchstack
added 2026/03/23 4:24 p.m., 2 views

WordPress WP Random Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Random Button versions <= 1.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00048
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/03/22 2:16 p.m., 1 views

CVE-2019-25606

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name inpu...

CVSS 6.8 | EPSS 0.00016
Exploits: 0 | References: 4
CVE
added 2026/03/22 1:38 p.m., 6 views

CVE-2019-25606

Vulnerability summary: CVE-2019-25606 affects Fast AVI MPEG Joiner 1.2.0812. The issue is a buffer overflow in the License Name input that can be triggered by an oversized payload, enabling a local attacker to cause a denial of service by pasting a ~6000-byte text file into the License Name field...

CVSS 6.8 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 4
EUVD
added 2026/03/21 3:33 p.m., 3 views

EUVD-2019-19872

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger t...

CVSS 6.8 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 4
CVE
added 2026/03/21 12:47 p.m., 4 views

CVE-2019-25562

JetAudio 8.1.7 is affected by a local denial of service via a buffer overflow in the video converter’s File Naming field. A 512-byte malicious buffer pasted into File Naming and triggered by clicking Preview crashes the application. Root cause: buffer overflow in the File Naming parameter. Affect...

CVSS 6.8 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2026/03/21 6:30 a.m., 3 views

EUVD-2026-14010

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 6
NVD
added 2026/03/21 4:17 a.m., 3 views

CVE-2026-4086

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | EPSS 0.00048
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/21 3:26 a.m., 0 views

CVE-2026-4086 WP Random Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 5
CVE
added 2026/03/21 3:26 a.m., 4 views

CVE-2026-4086

The CVE concerns the WP Random Button WordPress plugin (versions up to 1.0). It is vulnerable to Stored Cross-Site Scripting via the wp_random_button shortcode attributes cat, nocat, and text. The root cause is insufficient input sanitization and output escaping: the random_button_html() function...

CVSS 6.4 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/21 12:0 a.m., 3 views

PT-2026-26907

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger t...

CVSS 6.8 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/21 12:0 a.m., 2 views

PT-2026-26875

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wp random button' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/20 10:39 p.m., 4 views

CVE-2026-33209

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...

CVSS 5.3 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/03/19 9:30 a.m., 2 views

EUVD-2026-13072

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

CVSS 6.4 | AI score 6 | EPSS 0.00063
Exploits: 0 | References: 9
ATTACKERKB
added 2026/03/19 6:46 a.m., 2 views

CVE-2026-4120

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

CVSS 6.4 | AI score 6 | EPSS 0.00063
Exploits: 0 | References: 9