
63 matches found

RedhatCVE
added yesterday | 1 view

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS | 5.6 AI score | 0.00032 EPSS
Exploits: 1 | References: 1
NVD
added 2026/05/15 9:16 p.m. | 5 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS | 0.00032 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/05/15 8:33 p.m. | 6 views

EUVD-2026-30630

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/15 8:33 p.m. | 6 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an...

5.4 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/05/15 8:33 p.m. | 7 views

CVE-2026-45396

Summary of technical details (CVE-2026-45396) Open WebUI v0.9.2 is vulnerable to mass assignment in the endpoint POST /api/v1/evaluations/feedback through a FeedbackForm that uses extra='allow'. The root cause is an insecure dictionary merge order in insert_new_feedback(), where the form data can...

5.4 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2026/05/14 8:26 p.m. | 4 views

GHSA-RJMP-VJF2-QF4G Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Mass Assignment in Feedback Creation Allows User ID Spoofing and Evaluation Data Manipulation. Summary: The POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure...

5.4 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 1 | References: 4
MSRC
added 2026/04/06 12:0 a.m. | 2 views

Congratulations to the top MSRC 2026 Q1 security researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/03/23 12:0 a.m. | 1 view

OrgForge-IT: A Verifiable Synthetic Benchmark for LLM-Based Insider Threat Detection

Synthetic insider threat benchmarks face a consistency problem: corpora generated without an external factual constraint cannot rule out cross-artifact contradictions. The CERT dataset -- the field's canonical benchmark -- is also static, lacks cross-surface correlation scenarios, and predates th...

5.8 AI score
Exploits: 0
MSRC
added 2026/02/06 12:0 a.m. | 7 views

From points to payouts: The evolution of the Microsoft security researcher leaderboard

The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...

5.4 AI score
Exploits: 0
MSRC
added 2026/01/05 12:0 a.m. | 8 views

Congratulations to the top MSRC 2025 Q4 security researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

7 AI score
Exploits: 0
EUVD
added 2025/12/12 6:31 a.m. | 3 views

EUVD-2025-203001

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

8.8 CVSS | 7.2 AI score | 0.00402 EPSS
Exploits: 0 | References: 4
NVD
added 2025/12/12 4:15 a.m. | 2 views

CVE-2025-12824

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

8.8 CVSS | 0.00402 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/12 3:20 a.m. | 2 views

CVE-2025-12824 Player Leaderboard 1.0.0 - 1.0.2 - Authenticated (Contributor+) Local File Inclusion

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

8.8 CVSS | 7.3 AI score | 0.00402 EPSS
Exploits: 0 | References: 3
CVE
added 2025/12/12 3:20 a.m. | 14 views

CVE-2025-12824

The CVE-2025-12824 entry concerns the WordPress plugin Player Leaderboard (versions up to 1.0.2). It passes the unsanitized 'mode' shortcode attribute to a PHP include(), enabling Local File Inclusion and potentially arbitrary PHP code execution by authenticated users with Contributor-level acces...

8.8 CVSS | 7.3 AI score | 0.00402 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/12/12 3:20 a.m. | 22 views

CVE-2025-12824 Player Leaderboard 1.0.0 - 1.0.2 - Authenticated (Contributor+) Local File Inclusion

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

8.8 CVSS | 0.00402 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/12/12 12:0 a.m. | 1 view

WordPress plugin Player Leaderboard path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path traversal...

8.8 CVSS | 6.1 AI score | 0.00402 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/12 12:0 a.m. | 6 views

PT-2025-50808

Name of the Vulnerable Software and Affected Versions: Player Leaderboard plugin for WordPress versions up to and including 1.0.2. Description: The Player Leaderboard plugin for WordPress is susceptible to Local File Inclusion through the 'player leaderboard' shortcode. The issue stems from the plug...

8.8 CVSS | 7.1 AI score | 0.00402 EPSS
Exploits: 0 | References: 8
Packet Storm News
added 2025/10/17 12:0 a.m. | 3 views

SoK: Taxonomy and Evaluation of Prompt Security in Large Language Models

Large Language Models (LLMs) have rapidly become integral to real-world applications, powering services across diverse sectors. However, their widespread deployment has exposed critical security risks, particularly through jailbreak prompts that can bypass model alignment and induce harmful outputs...

7 AI score
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-21560

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00587 EPSS
Exploits: 3 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-52546

Malicious code in bioql PyPI...

7.1 CVSS | 8.9 AI score | 0.0011 EPSS
Exploits: 0 | References: 1