CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8063 matches found

CVE-2026-11153

Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00028EPSS

Exploits0References3Affected Software1

Debian CVE•added 3 days ago•5 views

CVE-2026-11153

Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

9.1CVSS5.5AI score0.00028EPSS

Exploits0

Patchstack•added 3 days ago•3 views

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.3...

5.5AI score

Exploits0Affected Software1

Patchstack•added 3 days ago•2 views

WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.1.8...

5.5AI score

Exploits0Affected Software1

Positive Technologies•added 3 days ago•5 views

PT-2026-46873

Summary The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6 representations of an address already listed in a static rule — such as compressed forms,...

5.3CVSS5.8AI score0.00098EPSS

Exploits0References6

Wordfence Blog•added 4 days ago•7 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

9.8CVSS6.7AI score0.00313EPSS

Exploits1

CVE•added 4 days ago•10 views

CVE-2026-3276

The CVE concerns Python’s unicodedata.normalize() taking excessive CPU time when given specially crafted Unicode input with long runs of combining characters that have alternating Canonical Combining Class (CCC) values. Affected: the normalize() function across all normalization forms. Root cause...

6.3CVSS5.8AI score0.00049EPSS

Exploits0References8

OSV•added 4 days ago•3 views

PSF-2026-25

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00049EPSS

Exploits0References7

EUVD•added 4 days ago•6 views

EUVD-2026-34103

6.3CVSS5.8AI score0.00049EPSS

Exploits0References3

VulnCheck KEV•added 4 days ago•5 views

VulnCheck KEV: CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.2AI score0.00313EPSS

In wildExploits1References3

RedhatCVE•added 5 days ago•7 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.0003EPSS

Exploits0References1

NVD•added 5 days ago•9 views

CVE-2026-9599

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00012EPSS

Exploits0References4

Vulnrichment•added 5 days ago•7 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.7AI score0.00012EPSS

Exploits0References4

Cvelist•added 5 days ago•32 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00012EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•6 views

CVE-2026-9599

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

CVE•added 5 days ago•8 views

CVE-2026-9599

The CVE-2026-9599 entry describes a CSRF vulnerability in the WordPress Tectite Forms plugin (versions up to and including 1.3) caused by missing or incorrect nonce validation in admin_init. This allows unauthenticated attackers to modify plugin settings (e.g., tectite_forms_button) through forge...

4.3CVSS5.7AI score0.00012EPSS

Exploits0References4

EUVD•added 5 days ago•7 views

EUVD-2026-33894

4.3CVSS5.7AI score0.00012EPSS

Exploits0References4

Positive Technologies•added 5 days ago•5 views

PT-2026-46680

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Side-channel information leakage in Forms allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Side-channel leakage occurs when information is...

9.6CVSS5.8AI score0.04468EPSS

Exploits0References434

Positive Technologies•added 5 days ago•10 views

PT-2026-45712

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

NVD•added 6 days ago•7 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

8.8CVSS0.00027EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by