CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:18 p.m.•6 views

CVE-2026-6690

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

7.2CVSS5.7AI score0.00236EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•7 views

CVE-2026-6510

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...

9.8CVSS5.5AI score0.00439EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•6 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.5AI score0.00219EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•7 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS5.4AI score0.00273EPSS

RedhatCVE•added 2026/06/05 7:10 p.m.•10 views

CVE-2026-8073

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

7.5CVSS5.6AI score0.00448EPSS

EUVD•added 2026/06/04 1:26 a.m.•11 views

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS

Exploits0References4

ATTACKERKB•added 2026/06/04 1:26 a.m.•4 views

CVE-2026-10737

7.5CVSS5.9AI score0.003EPSS

Exploits0References5

Positive Technologies•added 2026/06/04 12:0 a.m.•12 views

PT-2026-46111

Name of the Vulnerable Software and Affected Versions SP Project & Document Manager versions prior to 4.72 Description Unauthorized access is possible due to a missing capability check in the view file function. Unauthenticated attackers can read file metadata and obtain download links for...

7.5CVSS5.7AI score0.003EPSS

Exploits0References8

WPVulnDB•added 2026/06/01 12:0 a.m.•7 views

DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.4.30 - Missing Authorization

Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.29. This makes it possible for authenticated attackers, with contributor-leve...

4.3CVSS5.5AI score0.00162EPSS

Packet Storm News•added 2026/06/01 12:0 a.m.•47 views

SkillGuard: A Permission Framework for Agent Skills

Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...

5.8AI score

Exploits0

NVD•added 2026/05/29 8:16 p.m.•11 views

CVE-2026-44420

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard cliprdr channel by sending a CBCLIPCAPS PDU with a too-small capabilitySetLength. This can crash the server process...

8.8CVSS0.0051EPSS

Exploits1References2

OSV•added 2026/05/29 8:16 p.m.•5 views

DEBIAN-CVE-2026-44420

OSV•added 2026/05/29 8:16 p.m.•4 views

UBUNTU-CVE-2026-44420

Vulnrichment•added 2026/05/29 7:42 p.m.•7 views

Exploits1References3

CVE-2026-44420 FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS

AlpineLinux•added 2026/05/29 7:42 p.m.•10 views

CVE-2026-44420

Cvelist•added 2026/05/29 7:42 p.m.•34 views

Exploits1References2

CVE-2026-44420 FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS

8.8CVSS0.0051EPSS

EUVD•added 2026/05/29 7:42 p.m.•8 views

EUVD-2026-33435

ATTACKERKB•added 2026/05/29 7:42 p.m.•15 views

CVE-2026-44420

Exploits1References2Affected Software1

CVE•added 2026/05/29 7:42 p.m.•50 views

CVE-2026-44420

CVE-2026-44420 affects FreeRDP before version 3.26.0. A malicious RDP client can trigger a heap-buffer-overflow write in the server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength, which can crash the server (remote DoS) and may be exploitable f...