CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•35 views

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

7.1CVSS0.00038EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-33949

Vulnrichment•added 2 days ago•4 views

CVE-2026-33398 Authenticated users can read hidden forum posts through `/forum/get_quotes`

ATTACKERKB•added 2 days ago•3 views

CVE-2026-33398

Positive Technologies•added 2 days ago•5 views

Exploits0References2

PT-2026-45773

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

GithubExploit•added 2026/05/26 2:2 p.m.•43 views

Exploits0References2

Terminus-ai

Terminus-ai a foundation model trainthe entirety of exploit-...

6AI score

The Hacker News•added 2026/05/22 5:35 p.m.•14 views

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network VPN service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...

5.9AI score

NVD•added 2026/04/29 4:16 p.m.•1 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.4CVSS0.00034EPSS

Exploits1References2

RedhatCVE•added 2026/04/20 7:23 p.m.•3 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS5.7AI score0.00015EPSS

CVE•added 2026/04/17 2:25 a.m.•9 views

CVE-2026-4666

CVE-2026-4666 affects the WordPress plugin wpForo Forum ≤ 2.4.16. The vulnerability arises from using extract($args, EXTR_OVERWRITE) on user-controlled input in Posts::edit(), with the post_edit action passing $_REQUEST['post'] to that method. An attacker can inject post[guestposting]=1 to overri...

6.5CVSS5.8AI score0.00015EPSS

Exploits0References8

ATTACKERKB•added 2026/04/17 2:25 a.m.•1 views

CVE-2026-4666

6.5CVSS5.8AI score0.00015EPSS

Exploits0References9

Positive Technologies•added 2026/04/17 12:0 a.m.•1 views

PT-2026-33399

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTR OVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The post edit action handler in Actions.php passes...

6.5CVSS5.8AI score0.00015EPSS

Exploits0References9

Schneier on Security•added 2026/04/14 10:49 a.m.•4 views

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...

5.8AI score

Packet Storm News•added 2026/04/10 12:0 a.m.•1 views

Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit

Large language models LLMs have recently emerged as promising tools for augmenting Security Operations Center SOC workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...

5.9AI score