CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8086 matches found

RedhatCVE•added 2026/02/21 7:29 p.m.•2 views

CVE-2026-22350

Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through...

6.5CVSS5.5AI score0.00042EPSS

Exploits0References1

NVD•added 2026/02/21 10:16 a.m.•5 views

CVE-2025-14339

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the Forms::permission callback only validating the X-WP-Nonce...

6.5CVSS0.00124EPSS

Exploits0References5

ATTACKERKB•added 2026/02/21 9:27 a.m.•6 views

CVE-2025-14339

6.5CVSS5.5AI score0.00124EPSS

Exploits0References6

Cvelist•added 2026/02/21 9:27 a.m.•19 views

CVE-2025-14339 weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion

6.5CVSS0.00124EPSS

Exploits0References5

CVE•added 2026/02/21 9:27 a.m.•12 views

CVE-2025-14339

The weMail WordPress plugin (versions up to 2.0.7) is vulnerable to unauthorized deletion of all forms. The root cause is Forms::permission() only validating the X-WP-Nonce header without checking user capabilities, and the REST nonce is exposed to unauthenticated visitors via the weMail JavaScri...

6.5CVSS5.5AI score0.00124EPSS

Exploits0References5

Veracode•added 2026/02/21 5:2 a.m.•2 views

Path Traversal

Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice-user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...

6.5CVSS5.3AI score0.00025EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/21 12:0 a.m.•5 views

PT-2026-21373

6.5CVSS5.5AI score0.00124EPSS

Exploits0References6

NVD•added 2026/02/20 4:22 p.m.•7 views

CVE-2026-22350

6.5CVSS0.00042EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•3 views

CVE-2025-69324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.00045EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•2 views

CVE-2025-69326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.00045EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•2 views

CVE-2025-68863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

7.1CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 3:47 p.m.•4 views

CVE-2026-22350 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability

6.5CVSS5.3AI score0.00042EPSS

Exploits0References1

CVE•added 2026/02/20 3:47 p.m.•8 views

CVE-2026-22350

CVE-2026-22350: Broken/Missing Authorization in WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder (versions up to 6.3.1). Exploitation involves bypassing access control to obtain PDF-related actions. Public details from multiple sources confirm the affected plugin/version ...

6.5CVSS5.5AI score0.00042EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:47 p.m.•26 views

CVE-2026-22350 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability

6.5CVSS0.00042EPSS

Exploits0References1

ATTACKERKB•added 2026/02/20 3:47 p.m.•4 views

CVE-2026-22350

5.4AI score0.00042EPSS

Exploits0References2

Vulnrichment•added 2026/02/20 3:46 p.m.•3 views

CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS5.3AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•18 views

CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 3:46 p.m.•2 views

CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

5.3AI score0.00045EPSS

Exploits0References1

CVE•added 2026/02/20 3:46 p.m.•7 views

CVE-2025-69326

CVE-2025-69326 is a Reflected XSS in the Basix NEX-Forms nex-forms-express-wp-form-builder plugin for WordPress, with input not properly neutralized during web page generation. Affected: NEX-Forms versions up to and including 9.1.7. Impact per the CVSS vector shows Network attack, User Interactio...

7.1CVSS5.5AI score0.00045EPSS

Exploits0References1

CVE•added 2026/02/20 3:46 p.m.•8 views

CVE-2025-69324

CVE-2025-69324 describes a stored XSS vulnerability in Basix NEX-Forms (WordPress plugin: nex-forms-express-wp-form-builder) affecting versions up to and including 9.1.7. Root cause: improper input neutralization during web page generation leading to stored Cross-Site Scripting. Impact per source...

7.1CVSS5.5AI score0.00045EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by