CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the processwbelpspromoform function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS0.00205EPSS

Exploits0References4

Tenable Nessus•added 2025/06/10 12:0 a.m.•2 views

Mozilla Thunderbird < 128.11.1

The version of Thunderbird installed on the remote Windows host is prior to 128.11.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-49 advisory. - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's...

6.5CVSS7.1AI score0.00583EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 5:34 p.m.•2 views

CVE-2020-9364

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactformupload parameter. An attacker could exploit this...

5.3CVSS6.8AI score0.00536EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 4:20 p.m.•4 views

CVE-2020-14258

HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected...

7.5CVSS7AI score0.00387EPSS

Exploits0

Mozilla•added 2025/05/13 12:0 a.m.•23 views

Security Vulnerabilities fixed in Thunderbird 128.10.1 — Mozilla

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected] [email protected]", Thunderbird treats [email protected] as the...

8.1CVSS6.6AI score0.00422EPSS

Exploits0References5Affected Software1

Exploit DB•added 2025/04/11 12:0 a.m.•342 views

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)

Exploit Title: Roundcube Webmail 1.6.6 - Stored Cross Site Scripting XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Source Webmail Software Software Link: Releases · roundcube/roundcubemail Version: Roundcube client version earlier than 1.5.6 or from 1.6 t...

6.1CVSS6.4AI score0.64519EPSS

Exploits5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by