CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/11 1:24 a.m.•27 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

6.5CVSS0.00372EPSS

ATTACKERKB•added 2026/04/11 1:24 a.m.•1 views

CVE-2026-5207

6.5CVSS6AI score0.00372EPSS

Exploits0References6

OSV•added 2026/03/13 9:17 a.m.•3 views

BIT-WORDPRESS-MULTISITE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

EUVD•added 2026/03/11 12:31 p.m.•4 views

Exploits0References4

EUVD-2026-11134

OSV•added 2026/03/11 10:16 a.m.•1 views

Exploits0References4

DEBIAN-CVE-2026-3906

4.3CVSS5.4AI score0.00305EPSS

Exploits0References1

NVD•added 2026/03/11 10:16 a.m.•3 views

CVE-2026-3906

4.3CVSS0.00305EPSS

UbuntuCve•added 2026/03/11 10:16 a.m.•6 views

CVE-2026-3906

ATTACKERKB•added 2026/03/11 9:25 a.m.•3 views

CVE-2026-3906

Exploits0References4Affected Software1

Vulnrichment•added 2026/03/11 9:25 a.m.•5 views

CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

Cvelist•added 2026/03/11 9:25 a.m.•29 views

CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

4.3CVSS0.00305EPSS

Debian CVE•added 2026/03/11 9:25 a.m.•3 views

CVE-2026-3906

4.3CVSS5.3AI score0.00305EPSS

Exploits0

CVE•added 2026/03/11 9:25 a.m.•147 views

CVE-2026-3906

CVE-2026-3906 affects WordPress core (versions 6.9–6.9.1). The vulnerability resides in the REST API endpoint used by the block editor's Notes feature, where create_item_permissions_check() does not verify that the authenticated user has edit_post permission on the target post when creating a not...

Positive Technologies•added 2026/03/11 12:0 a.m.•7 views

PT-2026-24659

Name of the Vulnerable Software and Affected Versions WordPress versions 6.9 through 6.9.1 Description WordPress core is susceptible to unauthorized access. The Notes feature, introduced in WordPress 6.9, allows for collaborative annotations on posts within the block editor. However, the REST API...

4.3CVSS5.1AI score0.00305EPSS

Exploits0References12

NVD•added 2026/02/18 11:16 a.m.•3 views

CVE-2026-1942

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2scurationdraft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies...

6.5CVSS0.00336EPSS

Exploits0References4

ATTACKERKB•added 2026/02/18 10:20 a.m.•7 views

CVE-2026-1942

6.5CVSS5.7AI score0.00336EPSS

RedhatCVE•added 2026/01/09 9:28 a.m.•4 views

CVE-2023-49754

Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Post Titles: from n/a through = 5.0.0...

4.3CVSS7.3AI score0.00388EPSS

Exploits0References1

Vulnrichment•added 2025/11/27 8:27 a.m.•2 views

CVE-2025-13536 Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post'

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the...

8.8CVSS7AI score0.00501EPSS