CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

133 matches found

Patchstack•added 2 days ago•1 views

WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Aliefis in WordPress Plugin Visual Link Preview versions = 2.4.1...

5.8AI score

Exploits0Affected Software1

NVD•added 2026/05/25 3:16 p.m.•6 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS0.00038EPSS

Exploits0References2

Cvelist•added 2026/05/25 2:5 p.m.•29 views

CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview

0.00038EPSS

Exploits0References2

CNNVD•added 2026/05/25 12:0 a.m.•3 views

Mozilla Firefox for iOS 安全漏洞

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for iOS prior to version 151.1, which stems from the incorrect display of specially crafted right-to-left domain names and internationalized...

5.4CVSS5.7AI score0.00038EPSS

Exploits0References3

NVD•added 2026/05/11 10:22 p.m.•9 views

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

8.7CVSS0.00054EPSS

Exploits0References4

ATTACKERKB•added 2026/05/11 9:14 p.m.•4 views

CVE-2026-43897

8.7CVSS5.8AI score0.00054EPSS

Exploits0References5Affected Software1

CVE•added 2026/05/11 9:14 p.m.•6 views

CVE-2026-43897

CVE-2026-43897 affects the link-preview-js library. Prior to version 4.0.1, it did not validate IPv6 loopback addresses and could also resolve certain addresses to internal IPs via DNS, enabling potential internal data leaks when extracting link information. The vulnerability is fixed in version ...

8.7CVSS5.8AI score0.00054EPSS

Exploits0References4

Cvelist•added 2026/05/11 9:14 p.m.•27 views

CVE-2026-43897 Link Preview JS: vunerable to IPv6 and internal loopback attacks

8.7CVSS0.00054EPSS

Exploits0References4

CNNVD•added 2026/05/11 12:0 a.m.•3 views

Link Preview JS 代码问题漏洞

Link Preview JS is an open-source tool developed by op-engineering for extracting information about web links. Versions of Link Preview JS prior to 4.0.1 contained code vulnerabilities. These vulnerabilities stemmed from the library’s failure to detect IPv6 loop attacks, and DNS attacks that coul...

8.7CVSS5.9AI score0.00054EPSS

Exploits0References1

RedhatCVE•added 2026/04/29 8:48 p.m.•0 views

CVE-2026-41461

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers...

8.5CVSS5.6AI score0.00051EPSS

Exploits1References1

EUVD•added 2026/04/23 6:33 p.m.•1 views

EUVD-2026-25226

8.5CVSS5.9AI score0.00051EPSS

Exploits1References4

NVD•added 2026/04/23 3:37 p.m.•0 views

CVE-2026-41461

8.5CVSS0.00051EPSS

Exploits1References4

CVE•added 2026/04/23 1:45 p.m.•4 views

CVE-2026-41461

CVE-2026-41461 affects SocialEngine ≤ 7.8.0. A blind SSRF exists in the /core/link/preview endpoint where input passed through the uri parameter is not sanitized when constructing outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs, including internal or loopback addr...

8.5CVSS5.9AI score0.00051EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/23 1:45 p.m.•32 views

CVE-2026-41461 SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview

8.5CVSS0.00051EPSS

Exploits1References3

ATTACKERKB•added 2026/04/23 1:45 p.m.•1 views

CVE-2026-41461

8.5CVSS5.9AI score0.00051EPSS

Exploits1References4

Vulnrichment•added 2026/04/23 1:45 p.m.•2 views

CVE-2026-41461 SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview

8.5CVSS5.9AI score0.00051EPSS

Exploits1References3

CNNVD•added 2026/04/23 12:0 a.m.•3 views

SocialEngine 代码问题漏洞

SocialEngine is a content management platform developed by SocialEngine Company in India, designed for supporting community interactions and building social networks. Versions of SocialEngine 7.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the use of...

8.5CVSS6AI score0.00051EPSS

Exploits1References2

Packet Storm•added 2026/04/23 12:0 a.m.•54 views

📄 SocialEngine 7.8.0 Server-Side Request Forgery

SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as URL to send an HTTP request from the web server...

8.5CVSS5.8AI score0.00051EPSS

Exploits1

Positive Technologies•added 2026/04/23 12:0 a.m.•1 views

PT-2026-34665

8.5CVSS5.9AI score0.00051EPSS

Exploits1References4

RedhatCVE•added 2026/04/09 7:23 p.m.•0 views

CVE-2026-39670

Server-Side Request Forgery SSRF vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through = 2.3.0...

6CVSS5.9AI score0.00044EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by