CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:29 p.m.•7 views

CVE-2026-2714

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.6AI score0.0029EPSS

Exploits0References1

Wired Threat Level•added 2026/06/02 10:0 a.m.•7 views

The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests

The right-wing think tank is actively pushing “civil terrorism”—increasing penalties for minor crimes committed while people engage in constitutionally protected free speech...

5.8AI score

CNNVD•added 2026/05/22 12:0 a.m.•11 views

CIOP-PIB STER 安全漏洞

CIOP-PIB STER is a occupational safety and human ergonomics risk assessment software system developed by the Polish company CIOP-PIB. Versions of CIOP-PIB STER prior to version 9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of unencrypted TCP traffic for data...

8.7CVSS5.8AI score0.00225EPSS

Exploits0References2

EUVD•added 2026/04/22 9:31 a.m.•1 views

EUVD-2026-24636

NVD•added 2026/04/22 9:16 a.m.•2 views

Exploits0References4

CVE-2026-2714

4.4CVSS0.0029EPSS

Vulnrichment•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

CVE•added 2026/04/22 7:45 a.m.•6 views

CVE-2026-2714

CVE-2026-2714 affects the Institute Management plugin for WordPress (up to version 5.5). The vulnerability is a stored cross-site scripting issue in the Enquiry Form Title setting caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Administ...

ATTACKERKB•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-2714

Cvelist•added 2026/04/22 7:45 a.m.•24 views

Exploits0References4

CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting

4.4CVSS0.0029EPSS

CNNVD•added 2026/04/22 12:0 a.m.•6 views

WordPress plugin Institute Management 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. In versions...

Positive Technologies•added 2026/04/22 12:0 a.m.•5 views

Exploits0References1

PT-2026-34271

The Hacker News•added 2026/04/07 4:29 p.m.•7 views

Exploits0References5

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute , hundreds of applications within the typical enterprise...

6AI score

Positive Technologies•added 2026/03/26 12:0 a.m.•3 views

PT-2026-28798

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...

3.7CVSS5.9AI score0.00217EPSS

Exploits0References6

Circl•added 2026/03/23 4:16 a.m.•2 views

CVE-2026-4571

creationtimestamp| type| source ---|---|--- 2026-03-23 04:16:07+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4571...

6.5CVSS5.8AI score0.00245EPSS

Exploits1References1

Positive Technologies•added 2026/02/07 12:0 a.m.•4 views

PT-2026-6904

Stored Cross-Site Scripting XSS vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint...

5.1CVSS5.4AI score0.00403EPSS

Packet Storm•added 2025/12/23 12:0 a.m.•138 views

📄 Institute Admission Software 2.5 SQL Injection

Institute Admission Software version 2.5 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 SQL INjection...

8.2AI score

Packet Storm•added 2025/12/19 12:0 a.m.•130 views

📄 Institute Admission Software 2.5 Shell Upload

Institute Admission Software version 2.5 fails to properly validate and restrict uploaded files in the gallery upload functionality within the admin panel. =============================================================================================================================================...

7.1AI score

Packet Storm•added 2025/12/17 12:0 a.m.•136 views

📄 Institute Admission Software 2.5 Insecure Direct Object Reference

Institute Admission Software version 2.5 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 IDOR...

7AI score