CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/05 3:37 a.m.•27 views

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

6.4CVSS0.00032EPSS

CVE•added 2026/05/05 3:37 a.m.•7 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

ATTACKERKB•added 2026/05/05 3:37 a.m.•0 views

CVE-2026-2948

Vulnrichment•added 2026/05/05 3:37 a.m.•3 views

Exploits0References3

CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

Cvelist•added 2026/05/05 12:0 a.m.•24 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

0.00066EPSS

CVE•added 2026/05/05 12:0 a.m.•5 views

CVE-2026-42997

CVE-2026-42997 affects iDRAC in OpenStack Ironic (pre-35.0.1). During import, a user invoking molds can trigger authorization to a remote endpoint, forwarding a credential: either a time-limited Keystone token (granting access to all services Ironic is authorized for) or basic credentials for mol...

7.7CVSS5.8AI score0.00014EPSS

Exploits0References3

Positive Technologies•added 2026/05/05 12:0 a.m.•3 views

PT-2026-36962

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import images function. This makes it possible for authenticated attackers, with contributor-level access and above, ...

CNNVD•added 2026/05/05 12:0 a.m.•3 views

Exploits0References3

WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

6.4CVSS6AI score0.00032EPSS

CNNVD•added 2026/05/05 12:0 a.m.•6 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the image import process sending an outbound HEAD request to the URL provided to users before verifying project restriction...

5.3CVSS6AI score0.00011EPSS

Exploits1References1

CNNVD•added 2026/05/05 12:0 a.m.•4 views

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. Versions of OpenStack Ironic prior to 35.0.1 contained a security vulnerability; this vulnerability stemmed from the...

7.7CVSS5.8AI score0.00014EPSS

Positive Technologies•added 2026/05/05 12:0 a.m.•4 views

PT-2026-37211

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 26.1.6 OpenStack Ironic versions prior to 29.0.5 OpenStack Ironic versions prior to 32.0.1 OpenStack Ironic versions prior to 35.0.1 Description An issue in idrac allows a user invoking molds during import to...

7.7CVSS5.8AI score0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/05/05 12:0 a.m.•5 views

PT-2026-37087

Name of the Vulnerable Software and Affected Versions OpenCMS versions prior to 21 Description The Admin Import DB feature is susceptible to XML External Entity XXE, a flaw where an application processes XML input containing a reference to an external entity, potentially allowing unauthorized...

9.8CVSS5.8AI score0.00066EPSS

Exploits0References8

Vulnrichment•added 2026/05/05 12:0 a.m.•3 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

5.8AI score0.00066EPSS

Cvelist•added 2026/05/05 12:0 a.m.•30 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS0.00014EPSS

ATTACKERKB•added 2026/05/05 12:0 a.m.•0 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

5.8AI score0.00066EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-7641

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

8.8CVSS5.7AI score0.0003EPSS