CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9652 matches found

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43545

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgrade jquery version function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS5.8AI score0.00277EPSS

Exploits0References7

RedhatCVE•added 2026/05/26 8:14 p.m.•10 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00341EPSS

Exploits0References1

RedhatCVE•added 2026/05/26 2:12 p.m.•11 views

CVE-2026-6898

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00341EPSS

Exploits0References1

OSV•added 2026/05/26 12:59 a.m.•6 views

MAL-2026-4715 Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

5.8AI score

Exploits0References3

NVD•added 2026/05/23 5:16 a.m.•8 views

CVE-2026-6897

8.8CVSS0.00341EPSS

Exploits0References2

ATTACKERKB•added 2026/05/23 4:27 a.m.•10 views

CVE-2026-6897

8.8CVSS5.8AI score0.00341EPSS

Exploits0References3

EUVD•added 2026/05/23 4:27 a.m.•12 views

EUVD-2026-31525

8.8CVSS5.8AI score0.00341EPSS

Exploits0References2

Cvelist•added 2026/05/23 4:27 a.m.•12 views

CVE-2026-6898 WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action

8.8CVSS0.00341EPSS

Exploits0References2

EUVD•added 2026/05/23 4:27 a.m.•10 views

EUVD-2026-31523

8.8CVSS5.8AI score0.00341EPSS

Exploits0References2

Positive Technologies•added 2026/05/23 12:0 a.m.•9 views

PT-2026-42866

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3 Hooks::generate api key' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00341EPSS

Exploits0References2

Packet Storm News•added 2026/05/23 12:0 a.m.•5 views

From Frontier to Shadow AI: A Simmering Threat to Assurance and Security in Critical Infrastructure

Frontier AI systems, including large language models and emerging agentic AI tools, offer significant operational benefits but present unique challenges to critical infrastructure CI environments due to their non-deterministic and emergent properties. While formal adoption is inherently cautious...

5.8AI score

Exploits0

RedhatCVE•added 2026/05/22 8:12 p.m.•11 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00198EPSS

Exploits0References1

NVD•added 2026/05/22 5:16 a.m.•11 views

CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS0.00255EPSS

Exploits0References6

NVD•added 2026/05/22 5:16 a.m.•17 views

CVE-2026-2518

The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultpinstallcallback' and 'ultpactivatecallback' functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers...

4.3CVSS0.00237EPSS

Exploits0References3

EUVD•added 2026/05/22 4:29 a.m.•11 views

EUVD-2026-31412

4.3CVSS5.8AI score0.00237EPSS

Exploits0References3

Vulnrichment•added 2026/05/22 4:29 a.m.•7 views

CVE-2026-2518 FastX <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation

4.3CVSS5.8AI score0.00237EPSS

Exploits0References3

EUVD•added 2026/05/22 3:39 a.m.•10 views

EUVD-2026-31404

4.3CVSS5.8AI score0.00255EPSS

Exploits0References6

Vulnrichment•added 2026/05/22 3:39 a.m.•5 views

CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging

4.3CVSS5.8AI score0.00255EPSS

Exploits0References6

Positive Technologies•added 2026/05/22 12:0 a.m.•11 views

PT-2026-42722

Name of the Vulnerable Software and Affected Versions FastX theme for WordPress versions prior to 1.0.3 Description The FastX theme for WordPress allows authenticated attackers with Subscriber-level access or higher to install and activate the PostX plugin. This is caused by missing capability...

4.3CVSS5.8AI score0.00237EPSS

Exploits0References9

NVD•added 2026/05/21 8:16 p.m.•11 views

CVE-2026-4843

4.3CVSS0.00198EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by