CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses...

6.5CVSS6.6AI score0.00122EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:1 a.m.•5 views

CVE-2019-8931

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services such as Gmail, Outlook, etc. used in the application...

7.5CVSS6.9AI score0.00322EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:24 a.m.•3 views

CVE-2019-12912

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services such as Gmail, Outlook, etc. used in the application...

5.5CVSS6.9AI score0.00074EPSS

Exploits0References1

GithubExploit•added 2025/04/10 3:56 p.m.•114 views

Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache

PoC for CVE-2023-6063: WP Fastest Cache 1.2.2 Unauthenticated...

7.5CVSS8.4AI score0.91366EPSS

Exploits11

OSV•added 2024/09/06 11:9 a.m.•1 views

OESA-2024-2093 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

7.5CVSS6.7AI score0.06863EPSS

Exploits2References3

WPVulnDB•added 2024/06/04 12:0 a.m.•15 views

LearnPress – WordPress LMS Plugin < 4.2.6.8.1 - Basic Information Disclosure via JSON API

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of getitemspermissionscheck function. This makes it possible for unauthenticated attackers to extrac...

5.3CVSS6.5AI score0.05516EPSS

Exploits0References1Affected Software1

SUSE CVE•added 2023/02/15 4:36 a.m.•0 views

SUSE CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...

5.9CVSS6.9AI score0.00204EPSS

Exploits0References3

Positive Technologies•added 2022/10/17 12:0 a.m.•2 views

PT-2022-22804 · Hunter2 · Hunter2

Name of the Vulnerable Software and Affected Versions: hunter2 versions prior to 2.1.0 Description: An issue has been discovered in the improper handling of auto-completion input, allowing an authenticated attacker to extract other users' email addresses. Recommendations: For versions prior to...

6.5CVSS6.4AI score0.00122EPSS

Exploits0References6