CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/02/27 12:0 a.m.•5 views

PT-2026-22414

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.6.0 Description Gradio is a Python package for rapid prototyping. A flaw exists in the OAuth flow where the redirect to target function does not properly validate the target url query parameter. This allows redirecti...

4.3CVSS6AI score0.00013EPSS

CNNVD•added 2026/02/27 12:0 a.m.•3 views

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00095EPSS

RedhatCVE•added 2026/02/26 10:14 a.m.•5 views

CVE-2026-1929

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

NVD•added 2026/02/26 8:16 a.m.•8 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS0.00056EPSS

Vulnrichment•added 2026/02/26 7:58 a.m.•4 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

5.3CVSS5.5AI score0.00056EPSS

Patchstack•added 2026/02/26 1:28 a.m.•3 views

WordPress Advanced Woo Labels plugin <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter vulnerability

Authenticated Contributor+ Remote Code Execution via 'callback' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin Advanced Woo Labels versions = 2.36...

8.8CVSS5.6AI score0.00361EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2026/02/25 3:20 p.m.•3 views

kernel: Bluetooth: hci_event: call disconnect callback before deleting conn

A flaw was found in the Linux kernel in which a callback is not called when a Bluetooth peripheral is disconnected. This flaw leads to a use-after-free, which an attacker could use to escalate their privileges, corrupt system memory, or otherwise cause a denial of service...

7.8CVSS5.7AI score0.00008EPSS

EUVD•added 2026/02/25 9:30 a.m.•6 views

EUVD-2026-8631

NVD•added 2026/02/25 9:16 a.m.•5 views

Exploits0References6

CVE-2026-1929

8.8CVSS0.00361EPSS

CVE•added 2026/02/25 8:25 a.m.•12 views

CVE-2026-1929

The CVE-2026-1929 entry describes a Remote Code Execution in the WordPress plugin Advanced Woo Labels (vulnerable up to and including 2.37). The issue arises in the AJAX handler (get_select_option_values) where the code calls call_user_func_array() with a user-controlled callback and parameters, ...

Vulnrichment•added 2026/02/25 8:25 a.m.•2 views

CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

ATTACKERKB•added 2026/02/25 8:25 a.m.•2 views

CVE-2026-1929

Cvelist•added 2026/02/25 8:25 a.m.•20 views

Exploits0References6

CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

8.8CVSS0.00361EPSS