Lucene search

92 matches found

CNNVD
added 2026/05/05 12:00 a.m., 4 views

WordPress plugin WP Carousel Free cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 · AI score 5.8 · EPSS 0.00034
Exploits 0 · References 1
RedhatCVE
added 2026/05/04 8:21 p.m., 1 view

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

CVSS 7.5 · AI score 5.9 · EPSS 0.00143
Exploits 0 · References 1
VulnCheck KEV
added 2026/05/04 12:00 a.m., 3 views

VulnCheck KEV: CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

CVSS 6.5 · AI score 6.7 · EPSS 0.01358
In the wild · Exploits 3 · References 2
RedhatCVE
added 2026/03/26 3:16 p.m., 0 views

CVE-2026-31919

Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons (advanced-coupons-for-woocommerce-free) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1...

CVSS 4.3 · AI score 5.8 · EPSS 0.00013
Exploits 0 · References 1
Packet Storm News
added 2026/03/16 12:00 a.m., 0 views

The Impact of AI-Assisted Development on Software Security: A Study of Gemini and Developer Experience

The ongoing shortage of skilled developers, particularly in security-critical software development, has led organizations to increasingly adopt AI-powered development tools to boost productivity and reduce reliance on limited human expertise. These tools, often based on large language models, aim...

AI score 5.9
Exploits 0
Positive Technologies
added 2026/03/13 12:00 a.m., 1 view

PT-2026-25174

Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons (advanced-coupons-for-woocommerce-free) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1...

CVSS 4.3 · AI score 5.8 · EPSS 0.00013
Exploits 0 · References 3
CNNVD
added 2025/12/06 12:00 a.m., 2 views

WordPress plugin Link Whisper Free cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 · AI score 5.9 · EPSS 0.00106
Exploits 0 · References 3
EUVD
added 2025/10/18 9:30 a.m., 4 views

EUVD-2025-34973

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

CVSS 9.8 · AI score 7.1 · EPSS 0.0057
Exploits 1 · References 4
Wordfence Blog
added 2025/08/25 4:31 p.m., 6 views

15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

CVSS 8.8 · AI score 8.3 · EPSS 0.00083
Exploits 0
RedhatCVE
added 2025/05/22 8:44 p.m., 1 view

CVE-2021-39273

In XeroSecurity Sn1per 9.0 free version, insecure permissions 0777 are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges...

CVSS 9 · AI score 7.7 · EPSS 0.0166
Exploits 1 · References 1
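The condition CVE-2021-39273 describes (application, module and configuration files left world-writable, so an unprivileged user can plant code that a root run of the tool later executes) is easy to check for on any install tree. The script below is an added example, not Sn1per's own code and not taken from the advisory: it lists world-writable entries under a directory, reports them, and strips the offending bit. The demo tree it builds is a constructed, hypothetical layout, not Sn1per's real one.

```shell
#!/bin/sh
# Added example, not Sn1per's code and not from the advisory: audit an
# install tree for the world-writable (0777) condition CVE-2021-39273
# describes, then remediate. Demo layout below is hypothetical.

# Print every non-symlink entry under $1 that is writable by "other".
# -perm -002 is POSIX, so this works with GNU, BSD and busybox find.
find_world_writable() {
    find "$1" ! -type l -perm -002 -print 2>/dev/null
}

# Return 1 and list the hits if the tree has any world-writable entry;
# that is exactly what lets a local unprivileged user modify modules or
# config that a privileged invocation will later execute.
audit_tree() {
    hits=$(find_world_writable "$1")
    if [ -n "$hits" ]; then
        printf 'world-writable:\n%s\n' "$hits"
        return 1
    fi
    return 0
}

# Remediation: drop the "other write" bit on everything under the tree.
harden_tree() {
    chmod -R o-w "$1"
}

# Constructed demo tree (hypothetical layout) with one module script
# deliberately left at 0777, mirroring the advisory's insecure mode.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/modules" "$d/conf"
    printf 'echo demo\n' > "$d/sniper"
    printf 'option=1\n' > "$d/conf/sniper.conf"
    printf ': ok\n' > "$d/modules/scan.sh"
    chmod 0755 "$d" "$d/modules" "$d/conf" "$d/sniper"
    chmod 0644 "$d/conf/sniper.conf"
    chmod 0777 "$d/modules/scan.sh"    # the insecure mode from the advisory
    printf '%s' "$d"
}

# Stand-alone run: build the tree, audit (expect one hit), harden, re-audit.
tree=$(make_demo_tree)
audit_tree "$tree" || true
harden_tree "$tree"
audit_tree "$tree" && echo "clean after hardening"
rm -rf "$tree"
```

Run it against a real install with `audit_tree /path/to/tool`; a non-zero exit from a cron or CI job is the useful signal. `chmod -R o-w` is the minimal fix; if the tool must write into its own tree at runtime, put those paths under a dedicated directory owned by the account that runs it rather than opening them to everyone.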
RedhatCVE
added 2025/05/14 6:12 a.m., 9 views

CVE-2025-3597

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...

CVSS 5.9 · AI score 6.9 · EPSS 0.00184
Exploits 1 · References 1
OSV
added 2025/05/12 6:15 a.m., 1 view

CVE-2025-3597

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...

CVSS 5.9 · AI score 7.4 · EPSS 0.00184
Exploits 1 · References 1
Cvelist
added 2025/05/12 6:00 a.m., 21 views

CVE-2025-3597 Firelight Lightbox < 2.3.15 - Contributor+ Stored XSS

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...

EPSS 0.00184
Exploits 1 · References 1
Cvelist
added 2025/04/08 1:53 p.m., 12 views

CVE-2025-31498 c-ares has a use-after-free in read_answers()

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query, either due to a DNS Cookie failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 · EPSS 0.00651
Exploits 0 · References 3
Positive Technologies
added 2025/02/08 12:00 a.m., 1 view

PT-2025-6017 · Dreamvention · Dreamvention Live Ajax Search

Name of the Vulnerable Software and Affected Versions: Dreamvention Live AJAX Search Free versions 1.0.0 through 1.0.6. Description: A critical issue has been found in the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of...

CVSS 7.5 · AI score 7.8 · EPSS 0.00055
Exploits 0 · References 13
Positive Technologies
added 2025/01/26 12:00 a.m., 1 view

PT-2025-1376 · Libxml2 +9 · Libxml2 +9

The libxml2 library, specifically versions up to 2.10.x, contains a use-after-free flaw in the xmlXIncludeAddNode function within the xinclude.c file. This flaw can potentially lead to remote code execution. The affected versions are all libxml2 versions before 2.11.0. An exploit for this issue i...

CVSS 8.1 · AI score 7.1 · EPSS 0.04197
Exploits 10 · References 116
Cvelist
added 2025/01/22 2:29 p.m., 17 views

CVE-2025-23949 WordPress Improved Sale Badges – Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dzeriho Improved Sale Badges – Free Version (improved-sale-badges-free-version) allows PHP Local File Inclusion. This issue affects Improved Sale Badges – Free Version: from n/a...

CVSS 8.1 · EPSS 0.01606
Exploits 0 · References 1
Positive Technologies
added 2025/01/22 12:00 a.m., 3 views

PT-2025-5226 · Unknown · Mihajlovic Nenad Improved Sale Badges

Name of the Vulnerable Software and Affected Versions: Mihajlovic Nenad Improved Sale Badges – Free Version, versions 1.0.1 and earlier. Description: The issue is related to improper control of filename for include/require statement in PHP program, also known as PHP Remote File Inclusion, which...

CVSS 8.1 · AI score 9.6 · EPSS 0.01606
Exploits 0 · References 3
Patchstack
added 2025/01/16 6:43 p.m., 2 views

WordPress Improved Sale Badges – Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Improved Sale Badges – Free Version, versions <= 1.0.1...

CVSS 8.1 · AI score 7 · EPSS 0.01606
Exploits 0 · Affected Software 1
Vulnrichment
added 2024/10/17 12:00 a.m., 12 views

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

AI score 6 · EPSS 0.00925
Exploits 0 · References 4