Lucene search

212 matches found

CVE
added 5 days ago | 26 views

CVE-2026-9860

The CVE-2026-9860 entry concerns the WordPress plugin “Offload, AI & Optimize with Cloudflare Images” (versions

CVSS 8.8 | AI score 6 | EPSS 0.00577
Exploits 0 | References 6

CNNVD
added 2026/06/08 12:0 a.m. | 4 views

Weaviate Authorization Issue Vulnerability

Weaviate is an open-source vector database developed by Weaviate. Versions of Weaviate 1.37.7 and earlier had an authorization vulnerability. This vulnerability stemmed from incorrect handling of the parameter “StaticApiKey” in the function “validateConfig” within the Static API Key Handler...

CVSS 5 | AI score 5.5 | EPSS 0.00442
Exploits 0 | References 2

RedhatCVE
added 2026/06/05 7:14 p.m. | 7 views

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.7 | EPSS 0.00273
Exploits 0 | References 1

EUVD
added 2026/05/22 2:28 a.m. | 8 views

EUVD-2026-31391

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits 0 | References 2

ATTACKERKB
added 2026/05/22 2:28 a.m. | 4 views

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits 0 | References 3

Cvelist
added 2026/05/22 2:28 a.m. | 40 views

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | EPSS 0.00273
Exploits 0 | References 2

CVE
added 2026/05/22 2:28 a.m. | 21 views

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits 0 | References 2

Vulnrichment
added 2026/05/22 2:28 a.m. | 9 views

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits 0 | References 2

CNNVD
added 2026/05/22 12:0 a.m. | 7 views

WordPress plugin WP ERP Pro SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits 0 | References 2

Zero Day Initiative
added 2026/05/21 12:0 a.m. | 20 views

Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the key parameter. The issue results from the lack of prop...

CVSS 8.8 | AI score 6.2 | EPSS 0.0252
Exploits 0 | References 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in openssl

Issue summary: Checking excessively long DH keys or parameters can be very slow. Applications that use functions such as DH_check, DH_check_ex, or EVP_PKEY_param_check to check DH keys or parameters may experience prolonged delays. If the key or parameters are obtained from an untrusted source, this ca...

CVSS 5.3 | AI score 6.6 | EPSS 0.05533
Exploits 0 | References 2

EUVD
added 2026/05/20 1:25 a.m. | 7 views

EUVD-2026-31022

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

CVSS 4.4 | AI score 6 | EPSS 0.00246
Exploits 0 | References 7

EUVD
added 2026/05/08 9:31 a.m. | 8 views

EUVD-2025-209736

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

CVSS 7.3 | AI score 6.1 | EPSS 0.01186
Exploits 3 | References 4

OSV
added 2026/04/27 6:33 p.m. | 5 views

JLSEC-2026-250 Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary...

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or EVP_PKEY_public_check to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVSS 5.3 | AI score 6.6 | EPSS 0.01131
Exploits 0 | References 10

Patchstack
added 2026/04/13 9:58 a.m. | 2 views

WordPress Customer Reviews for WooCommerce plugin <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability

Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability discovered by kai63001 in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.103.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00673
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/04/10 1:24 a.m. | 0 views

CVE-2026-4664 Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the createreviewpermissionscheck function comparing the user-supplied key parameter against the order's ivolesecretkey meta value using...

CVSS 5.3 | AI score 5.7 | EPSS 0.00673
Exploits 0 | References 7

Snyk
added 2026/04/07 9:31 a.m. | 3 views

Directory Traversal

Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing message...

CVSS 5.3 | AI score 6.3 | EPSS 0.00419
Exploits 0 | References 2

Snyk
added 2026/04/07 9:31 a.m. | 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

CVSS 5.3 | AI score 6.3 | EPSS 0.00419
Exploits 0 | References 2

Snyk
added 2026/04/07 9:31 a.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

CVSS 5.3 | AI score 6.3 | EPSS 0.00419
Exploits 0 | References 2

Snyk
added 2026/04/07 9:31 a.m. | 1 views

Directory Traversal

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

CVSS 5.3 | AI score 6.3 | EPSS 0.00419
Exploits 0 | References 2