CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/27 4:28 a.m.•5 views

EUVD-2026-32051

4.3CVSS5.9AI score0.00014EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43495

4.3CVSS5.9AI score0.00014EPSS

Exploits0References6

UbuntuCve•added 2026/05/27 12:0 a.m.•2 views

CVE-2026-45925

thermal/of: Fix reference leak in thermalofcmlookup...

5.8AI score0.00023EPSS

CNNVD•added 2026/05/27 12:0 a.m.•4 views

WordPress plugin CM Ad Changer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00014EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•3 views

PT-2026-43792

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermal of cm lookup In thermal of cm lookup, tr np is obtained via of parse phandle, but never released. Use the freedevice node cleanup attribute to automatically release the node and fix the...

5.8AI score0.00023EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fixed a use-after-free issue related to the destruction of CM IDs. The function iwconnreqhandler associates a new struct rdmaidprivate named connid with an existing struct iwcmid named cmid as follows: c connid-cmid.iw...

7.8CVSS6.2AI score0.00011EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ACPI: custommethod: fix potential use-after-free issue In cmwrite, buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent cal...

7.8CVSS6.6AI score0.00015EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fixed a use-after-free of work objects after the cmid is destroyed The commit 59c68ac31e15 “iwcm: Free cmid resources on the last deref” simplified cmid resource management by freeing the cmid once all references to it...

7.8CVSS6.4AI score0.00063EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishme...

9.8CVSS6.2AI score0.00087EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010725 advisory. A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when...

2.3CVSS6.7AI score0.00016EPSS

Exploits0References3

ATTACKERKB•added 2026/04/13 1:40 p.m.•1 views

CVE-2026-31425

In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rdsibgetmr extracts the rdsibconnection from conn-ctransportdata and passes it to rdsibregfrmr for FRWR memory registration. On a fresh outgoing connection, ic...

5.5AI score0.00015EPSS

Exploits0References9Affected Software1

RedhatCVE•added 2026/03/26 3:8 p.m.•0 views

CVE-2026-2432

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS5.9AI score0.0001EPSS

Exploits0References1

EUVD•added 2026/03/20 9:32 a.m.•3 views

EUVD-2026-13637

4.4CVSS5.9AI score0.0001EPSS

NVD•added 2026/03/20 9:16 a.m.•2 views

CVE-2026-2432

4.4CVSS0.0001EPSS

ATTACKERKB•added 2026/03/20 8:25 a.m.•1 views

CVE-2026-2432

4.4CVSS5.9AI score0.0001EPSS

Cvelist•added 2026/03/20 8:25 a.m.•24 views

CVE-2026-2432 CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels

4.4CVSS0.0001EPSS

CNNVD•added 2026/03/20 12:0 a.m.•2 views

WordPress plugin CM Custom Reports 跨站脚本漏洞

4.4CVSS5.7AI score0.0001EPSS

EUVD•added 2026/03/07 3:30 a.m.•3 views

EUVD-2026-10100

The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datefrom' and 'dateto' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00111EPSS