CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

680 matches found

Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections id: CVE-2021-24791 info: name: Header Footer Code Manag...

7.2CVSS7.1AI score0.05027EPSS

Exploits2References3

GithubExploit•added 2026/05/25 1:17 a.m.•72 views

Exploit for CVE-2026-36239

CVE-2026-36239 CVE-2026-36239: Authenticated RCE in PbootCMS v...

6.4AI score0.00312EPSS

Exploits1

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid accessing uninitialized data in f2fssanitychecknodefooter. syzbot reported the following bug: BUG: KMSAN: Access to uninitialized data in f2fssanitychecknodefooter+0x374/0xa20; file...

5.5CVSS5.3AI score0.00112EPSS

Exploits0References1

SUSE CVE•added 2026/05/13 3:35 a.m.•7 views

SUSE CVE-2026-43349

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fssanitychecknodefooter+0x374/0xa20 fs/f2fs/node.c:1520 f2fssanitychecknodefooter+0x374/0xa20...

5.6CVSS5.7AI score0.00112EPSS

Exploits0References3

RedhatCVE•added 2026/05/08 7:48 p.m.•10 views

CVE-2026-43349

A flaw was found in the Linux kernel's Flash-Friendly File System f2fs. This vulnerability allows a local attacker to cause an uninitialized value access in the f2fssanitychecknodefooter function. This occurs when the system fails to read data from a device into a folio, potentially leading to...

5.5CVSS5.8AI score0.00112EPSS

Exploits0References4

EUVD•added 2026/05/08 3:31 p.m.•8 views

EUVD-2026-28633

5.8AI score0.00112EPSS

Exploits0References4

NVD•added 2026/05/08 2:16 p.m.•10 views

CVE-2026-43349

5.5CVSS0.00112EPSS

Exploits0References3

UbuntuCve•added 2026/05/08 2:16 p.m.•6 views

CVE-2026-43349

5.5CVSS5.8AI score0.00112EPSS

Exploits0References5

Cvelist•added 2026/05/08 1:41 p.m.•28 views

CVE-2026-43349 f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer

0.00112EPSS

Exploits0References3

Debian CVE•added 2026/05/08 1:41 p.m.•7 views

CVE-2026-43349

5.5CVSS5.7AI score0.00112EPSS

Exploits0

ATTACKERKB•added 2026/05/08 1:41 p.m.•6 views

CVE-2026-43349

5.5CVSS5.8AI score0.00112EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2026/05/08 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in...

5.5CVSS6.1AI score0.00112EPSS

Exploits0References2

Positive Technologies•added 2026/05/08 12:0 a.m.•12 views

PT-2026-39000

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the f2fs finish read bio function may access uninitialized data in a folio if the system fails to read data from the device into that folio...

9.8CVSS6AI score0.93418EPSS

Exploits31References42

EUVD•added 2026/04/10 6:31 a.m.•2 views

EUVD-2026-21288

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

6.4CVSS6.1AI score0.002EPSS

Exploits0References9

NVD•added 2026/04/10 4:16 a.m.•3 views

CVE-2026-2305

6.4CVSS0.002EPSS

Exploits0References8

CVE•added 2026/04/10 3:35 a.m.•8 views

CVE-2026-2305

CVE-2026-2305 : The AddFunc Head & Footer Code WordPress plugin (versions up to and including 2.3) is vulnerable to Stored Cross-Site Scripting via the post meta keys aFhfc_head_code, aFhfc_body_code, and aFhfc_footer_code. The vulnerability arises because these values are output without sanitiza...

6.4CVSS6.1AI score0.002EPSS

Exploits0References8

Vulnrichment•added 2026/04/10 3:35 a.m.•2 views

CVE-2026-2305 AddFunc Head & Footer Code <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields

6.4CVSS6AI score0.002EPSS

Exploits0References8

Patchstack•added 2026/04/10 12:12 a.m.•7 views

WordPress AddFunc Head & Footer Code plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AddFunc Head & Footer Code versions = 2.3...

6.4CVSS5.9AI score0.002EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/06 3:58 p.m.•27 views

CVE-2026-34951 Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

5.1CVSS0.00149EPSS

Exploits0References1

Vulnrichment•added 2026/04/06 3:58 p.m.•1 views

CVE-2026-34951 Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions

5.1CVSS5.8AI score0.00149EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by