CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1821 matches found

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS5.6AI score0.00035EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-3362

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...

4.4CVSS5.7AI score0.00026EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.4CVSS5.6AI score0.00009EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-4479

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.6AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2 days ago•3 views

CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.5AI score0.00062EPSS

Exploits0References1

NVD•added 3 days ago•5 views

CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS0.00062EPSS

Exploits0References1

Cvelist•added 3 days ago•35 views

CVE-2026-49190 Missing Per-Instruction Authorization Checks

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS0.00062EPSS

Exploits0References1

EUVD•added 3 days ago•4 views

EUVD-2026-34209

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.8AI score0.00062EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-49190 Missing Per-Instruction Authorization Checks

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.8AI score0.00062EPSS

Exploits0References1

CVE•added 3 days ago•11 views

CVE-2026-49190

Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the initial document or connected sources. Monitor for updates from official advisories.

9.4CVSS5.8AI score0.00062EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 3 days ago•4 views

CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.8AI score0.00062EPSS

Exploits0References2

Positive Technologies•added 3 days ago•8 views

PT-2026-46148

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.8AI score0.00062EPSS

Exploits0References2

Wordfence Blog•added 4 days ago•7 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

9.8CVSS6.7AI score0.00313EPSS

Exploits1

CVE•added 5 days ago•11 views

CVE-2025-5085

CVE-2025-5085 affects the WP Nano AD WordPress plugin (versions up to 1.31). It enables Stored Cross-Site Scripting via the blogrole_link parameter due to insufficient input sanitization/escaping. Impact: authenticated attackers with administrator rights can inject scripts that run for users on i...

5.5CVSS6AI score0.00028EPSS

Exploits0References4

Cvelist•added 5 days ago•36 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS0.00028EPSS

Exploits0References4

OSV•added 6 days ago•7 views

ASB-A-428945391

In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS5.9AI score0.00005EPSS

Exploits4References1

OSV•added 2026/05/28 12:0 a.m.•5 views

MAL-2026-4949 Malicious code in @cloudplatform-single-spa/ml-rag (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score

Exploits0References1

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

PT-2026-44218

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00038EPSS

Exploits0References7

NVD•added 2026/05/27 8:16 p.m.•9 views

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8CVSS0.00063EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:27 a.m.•25 views

CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings

4.4CVSS0.00035EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by