CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 8 hours ago•11 views

PrestaShop lgcookieslaw - SQL Injection

The EU Cookie Law GDPR Banner + Blocker PrestaShop module before 2.1.3 allows blind SQL injection via the lglaw or lgcookieslaw cookie used to store user consent choices. id: CVE-2022-44727 info: name: PrestaShop lgcookieslaw - SQL Injection author: mastercho severity: critical description: | The...

9.1CVSS8.5AI score0.20724EPSS

Exploits1References3

HackRead•added 4 days ago•11 views

Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites

Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing...

5.5AI score

The Hacker News•added 2026/06/04 6:6 a.m.•11 views

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...

OSV•added 2026/06/03 4:11 p.m.•5 views

DRUPAL-CONTRIB-2026-040

This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...

Positive Technologies•added 2026/06/03 12:0 a.m.•9 views

Exploits0References1

PT-2026-46080

Drupal•added 2026/06/03 12:0 a.m.•8 views

Exploits0References2

TacJS - Moderately critical - Improper Access Control - SA-CONTRIB-2026-040

Wired Threat Level•added 2026/05/26 9:30 a.m.•7 views

Exploits0References2

US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows

As Americans stew over the looming risk of job-stealing AI and data centers in their back yards, the feds are raising the alarm about a new category of threat, documents obtained by WIRED show...

5.8AI score

The Hacker News•added 2026/05/22 5:35 p.m.•14 views

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network VPN service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...

The Hacker News•added 2026/05/22 8:50 a.m.•15 views

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice DoJ on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service DDoS botnet known as Kimwolf. In tandem, Jacob Butler aka Dort, 23, Ottawa, Canada, has been charged with offenses related to the developmen...

5.8AI score

Rapid7 Blog•added 2026/05/21 1:0 p.m.•7 views

Rapid7 Quarterly Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the latest quarterly...

5.5AI score

NVD•added 2026/05/16 4:16 p.m.•6 views

CVE-2021-47957

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of...

6.4CVSS0.00034EPSS

ATTACKERKB•added 2026/05/16 3:26 p.m.•3 views

CVE-2021-47957

Exploits0References4Affected Software1

CVE•added 2026/05/16 3:26 p.m.•10 views

CVE-2021-47957

The vulnerability affects the WordPress plugin Cookie Law Bar (version 1.2.1). It is a stored XSS in the Bar Message field (parameter clb_bar_msg) that can be exploited by an authenticated attacker to inject scripts via the plugin settings page, with the payload executing in the browsers of all s...

Cvelist•added 2026/05/16 3:26 p.m.•27 views

CVE-2021-47957 WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

6.4CVSS0.00034EPSS

Vulnrichment•added 2026/05/16 3:26 p.m.•6 views

CVE-2021-47957 WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

EUVD•added 2026/05/16 3:26 p.m.•8 views

EUVD-2021-34825

Positive Technologies•added 2026/05/16 12:0 a.m.•7 views

PT-2026-41454

Name of the Vulnerable Software and Affected Versions Cookie Law Bar version 1.2.1 Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the 'Bar Message' field. These script payloads are injected through the...

CNNVD•added 2026/05/16 12:0 a.m.•6 views

Exploits0References6

WordPress plugin Cookie Law Bar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Malwarebytes•added 2026/05/13 1:34 p.m.•7 views

Exploits0References1

Texas sued Netflix over claims it secretly collected and sold users’ data

Attorney General AG of Texas Ken Paxton announced that he sued Netflix for spying on Texans, including children, and collecting users’ data without their knowledge or consent. The suit alleges Netflix secretly tracks and monetizes detailed viewing behavior of users, including children, while...

5.7AI score