CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

CVE•added 2026/06/17 9:50 a.m.•6 views

CVE-2026-39595

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-39595 for W3 Total Cache plugin

4.7CVSS5.1AI score0.0021EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/06/11 7:24 a.m.•11 views

Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.7AI score

Exploits0References1

OSV•added 2026/06/11 7:24 a.m.•9 views

MAL-2026-5604 Malicious code in cache-section-helper (npm)

5.7AI score

Exploits0References1

RedhatCVE•added 2026/06/05 7:50 p.m.•4 views

CVE-2026-3220

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS5.6AI score0.0032EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:21 p.m.•10 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.7AI score0.36512EPSS

Exploits8References1

Patchstack•added 2026/05/28 2:55 p.m.•11 views

WordPress Breeze Cache plugin <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Breeze versions = 2.5.2...

5.3CVSS5.8AI score0.00273EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/18 7:16 a.m.•16 views

CVE-2026-3220

8.8CVSS0.0032EPSS

Exploits0References1

Vulnrichment•added 2026/05/18 6:0 a.m.•8 views

CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library

5.9AI score0.0032EPSS

Exploits0References1

ATTACKERKB•added 2026/05/18 6:0 a.m.•9 views

CVE-2026-3220

8.8CVSS5.9AI score0.0032EPSS

Exploits0References1

EUVD•added 2026/05/18 6:0 a.m.•9 views

EUVD-2026-30736

8.8CVSS5.9AI score0.0032EPSS

Exploits0References1

CVE•added 2026/05/18 6:0 a.m.•35 views

CVE-2026-3220

CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...

8.8CVSS5.9AI score0.0032EPSS

Exploits0References1

Patchstack•added 2026/04/23 8:41 a.m.•6 views

WordPress Breeze Cache plugin <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability

Unauthenticated Arbitrary File Upload via fetchgravatarfromremote vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Breeze versions = 2.4.4...

9.8CVSS5.8AI score0.36512EPSS

Exploits8References1Affected Software1

NVD•added 2026/04/23 3:16 a.m.•4 views

CVE-2026-3844

9.8CVSS0.36512EPSS

Exploits8References4

Cvelist•added 2026/04/23 2:25 a.m.•38 views

CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote

9.8CVSS0.36512EPSS

Exploits8References4

ATTACKERKB•added 2026/04/23 2:25 a.m.•5 views

CVE-2026-3844

9.8CVSS6.6AI score0.36512EPSS

Exploits8References5

Positive Technologies•added 2026/04/23 12:0 a.m.•4 views

PT-2026-34629

Name of the Vulnerable Software and Affected Versions Breeze Cache versions prior to 2.4.5 Description The Breeze Cache plugin for WordPress contains an arbitrary file upload flaw that allows unauthenticated attackers to upload malicious files, such as PHP backdoors, potentially leading to remote...

9.8CVSS6.8AI score0.36512EPSS

Exploits8References42

Cvelist•added 2026/03/25 4:14 p.m.•26 views

CVE-2026-25347 WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through = 2026.1.0...

7.1CVSS0.00175EPSS

Exploits0References1

CNNVD•added 2026/03/25 12:0 a.m.•3 views

WordPress plugin WP REST Cache 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.1CVSS5.7AI score0.00175EPSS

Exploits0References1

CNNVD•added 2026/02/19 12:0 a.m.•7 views

WordPress plugin Breeze - WordPress Cache Plugin 安全漏洞

5.3CVSS5.8AI score0.00353EPSS

Exploits0References5

Cvelist•added 2026/01/09 5:25 a.m.•22 views

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

4.3CVSS0.00124EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by