CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

77 matches found

EUVD•added 5 days ago•8 views

EUVD-2026-37593

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS5.2AI score0.00412EPSS

Exploits0References2

NVD•added 5 days ago•6 views

CVE-2026-40724

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS0.00412EPSS

Exploits0References1

CVE•added 5 days ago•3 views

CVE-2026-40724

CVE-2026-40724 concerns the WordPress Client Portal (Pro) plugin, affected versions <= 5.6.2. The vulnerability is described as an Arbitrary File Download in CP Client Arbitrary File Download for Client Portal (Pro)

6.5CVSS5.2AI score0.00412EPSS

Exploits0References1

Cvelist•added 5 days ago•27 views

CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS0.00412EPSS

Exploits0References1

Patchstack•added 2026/04/16 11:39 a.m.•2 views

WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Client Portal Pro versions = 5.6.2...

5.8AI score0.00412EPSS

Exploits0Affected Software1

OSV•added 2026/03/24 8:40 p.m.•1 views

GHSA-98WM-CXPW-847P Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

5.4CVSS5.9AI score0.00231EPSS

Exploits0References5

Positive Technologies•added 2026/03/24 12:0 a.m.•4 views

PT-2026-27631

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions 5.13.0 through 5.13.3 Description Invoice Ninja allows for the execution of stored cross-site scripting XSS payloads through invoice line item descriptions in versions 5.13.0 through 5.13.3. The line item description fie...

5.4CVSS5.8AI score0.00231EPSS

Exploits0References7

RedhatCVE•added 2026/02/20 1:26 p.m.•3 views

CVE-2026-25003

Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through = 1.2.1...

4.3CVSS5.5AI score0.00185EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•2 views

CVE-2026-25003

4.3CVSS0.00185EPSS

Exploits0References1

CVE•added 2026/02/19 8:26 a.m.•8 views

CVE-2026-25003

CVE-2026-25003 affects the WordPress Client Portal plugin (madalin.ungureanu) for WordPress, with versions up to and including 1.2.1. The issue is a Missing Authorization vulnerability arising from incorrectly configured access control security levels, effectively a broken access control defect. ...

4.3CVSS5.4AI score0.00185EPSS

Exploits0References1

Cvelist•added 2026/02/19 8:26 a.m.•25 views

CVE-2026-25003 WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

4.3CVSS0.00185EPSS

Exploits0References1

ATTACKERKB•added 2026/02/19 8:26 a.m.•1 views

CVE-2026-25003

5.5AI score0.00185EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 8:26 a.m.•3 views

CVE-2026-25003 WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

4.3CVSS5.5AI score0.00185EPSS

Exploits0References1

Positive Technologies•added 2026/02/19 12:0 a.m.•4 views

PT-2026-20674

5.5AI score0.00185EPSS

Exploits0References1

CNNVD•added 2026/02/19 12:0 a.m.•7 views

WordPress plugin Client Portal 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

4.3CVSS5.8AI score0.00185EPSS

Exploits0References1

Patchstack•added 2026/01/16 7:14 a.m.•3 views

WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Client Portal versions = 1.2.1...

4.3CVSS5.4AI score0.00185EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/09 9:32 a.m.•5 views

CVE-2023-25968

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin = 1.1.8 versions...

8.8CVSS7.1AI score0.00256EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2014-3296

Malware in sbrugna...

5.8CVSS6.4AI score0.02206EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2023-29855

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00256EPSS

Exploits0References1