CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/09 5:16 a.m.•7 views

CVE-2026-11603

6.1CVSS0.00205EPSS

Exploits0References2

RedhatCVE•added 2026/06/07 8:59 a.m.•16 views

CVE-2026-8901

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS5.7AI score0.00292EPSS

NVD•added 2026/06/06 2:16 a.m.•9 views

CVE-2026-8901

7.2CVSS0.00292EPSS

Cvelist•added 2026/06/06 1:26 a.m.•39 views

CVE-2026-8901 Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data

7.2CVSS0.00292EPSS

ATTACKERKB•added 2026/06/06 1:26 a.m.•6 views

CVE-2026-8901

7.2CVSS5.7AI score0.00292EPSS

Exploits0References11

CVE•added 2026/06/06 1:26 a.m.•18 views

CVE-2026-8901

CVE-2026-8901 affects the WordPress plugin “Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More.” It is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to 1.0.15, caused by insufficient input sanitization and output escapin...

7.2CVSS5.7AI score0.00292EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•6 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.5AI score0.00325EPSS

ATTACKERKB•added 2026/05/31 2:28 a.m.•8 views

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.0027EPSS

Exploits0References4

CNNVD•added 2026/05/28 12:0 a.m.•7 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00433EPSS

Vulnrichment•added 2026/05/27 3:20 p.m.•6 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS5.9AI score0.00271EPSS

EUVD•added 2026/05/25 6:30 p.m.•6 views

EUVD-2026-31714

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may...

9CVSS7.8AI score0.00751EPSS

Exploits0References4

Patchstack•added 2026/05/25 7:25 a.m.•22 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

6.5CVSS5.8AI score0.00348EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/19 6:33 p.m.•9 views

CVE-2026-8096 Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

6.5CVSS5.7AI score0.00348EPSS

EUVD•added 2026/05/10 3:31 p.m.•8 views

EUVD-2021-34792

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

8.8CVSS6.1AI score0.00309EPSS

Exploits0References4

NVD•added 2026/05/10 1:16 p.m.•8 views

CVE-2021-47930

8.8CVSS0.00309EPSS

Cvelist•added 2026/05/10 12:43 p.m.•29 views

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

8.8CVSS0.00309EPSS

CVE•added 2026/05/10 12:43 p.m.•10 views

CVE-2021-47930

Balbooa Joomla Forms Builder 2.0.6 is affected by an unauthenticated SQL injection in the form submission handler. The vulnerability can be triggered by sending POST requests to the com_baforms component with malicious JSON payloads in the 'id' field, enabling remote attackers to extract sensitiv...

8.8CVSS6.1AI score0.00309EPSS