CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/20 2:16 a.m.•16 views

CVE-2026-8038

6.4CVSS0.00032EPSS

Vulnrichment•added 2026/05/20 1:25 a.m.•6 views

CVE-2026-8038 Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute

EUVD•added 2026/05/20 1:25 a.m.•7 views

EUVD-2026-31043

Cvelist•added 2026/05/20 1:25 a.m.•36 views

CVE-2026-8038 Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute

6.4CVSS0.00032EPSS

ATTACKERKB•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-8038

CVE•added 2026/05/20 1:25 a.m.•9 views

Exploits0References4

CVE-2026-8038

The CVE concerns the WordPress plugin Faces of Users, vulnerable to Stored Cross-Site Scripting via the default shortcode attribute in the facesofusers shortcode, affecting all versions up to 0.0.3. Root cause: insufficient input sanitization and output escaping. Exploitation requires authenticat...

CNNVD•added 2026/05/20 12:0 a.m.•6 views

WordPress plugin Faces of Users 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.8AI score0.00032EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42075

Name of the Vulnerable Software and Affected Versions Faces of Users versions prior to 0.0.4 Description The Faces of Users plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the default attribute of the...

Patchstack•added 2026/05/19 12:3 p.m.•4 views

Exploits0References6

WordPress Faces of Users plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Faces of Users versions = 0.0.3...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/08 3:36 p.m.•7 views

EUVD-2026-28794

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.8AI score0.00363EPSS

OSV•added 2026/04/27 1:14 p.m.•2 views

JLSEC-2026-192

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be...

7.8CVSS4.3AI score0.00111EPSS

Exploits1References7

CNNVD•added 2026/04/21 12:0 a.m.•8 views

Oracle Application Development Framework 安全漏洞

The Oracle Application Development Framework is an enterprise-level application development framework developed by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Application Development Framework contain security vulnerabilities. These vulnerabilities...

7.8CVSS7.2AI score0.00028EPSS

Exploits0References2

vulnersOsv•added 2026/04/16 9:31 p.m.•2 views

co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)

org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

8.1CVSS5.8AI score0.00363EPSS

Exploits0

Wired Threat Level•added 2026/02/20 8:3 p.m.•5 views

DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies

Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition...

5.5AI score

Exploits0

vulnersOsv•added 2026/01/20 6:31 p.m.•5 views

br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)

fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...

9.8CVSS5.8AI score0.00133EPSS

Exploits1

vulnersOsv•added 2026/01/20 6:31 p.m.•3 views

br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +50 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (>=0.9.2 <=2.0.3)

fr.opensagres.xdocreport:fr.opensagres.xdocreport.document MAVEN version =0.9.2, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: OSV:GHSA-7JC7-G598-2P64...

9.8CVSS5.8AI score0.00107EPSS

Exploits1

RedhatCVE•added 2026/01/07 9:9 a.m.•17 views

CVE-2024-2227

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...

10CVSS6.8AI score0.51657EPSS