CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61617 matches found

Github Security Blog•added 2026/03/11 7:23 p.m.•20 views

Shopware: Unauthenticated data extraction possible through store-api.order endpoint

Summary An insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. Details Data Exposure Depending on the order payload configuration, attackers may retrieve: -...

8.9CVSS5.8AI score0.00237EPSS

Exploits0References3Affected Software2

Circl•added 2026/03/11 7:16 p.m.•2 views

CVE-2026-3950

creationtimestamp| type| source ---|---|--- 2026-03-11 19:16:22+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3950...

4.8CVSS5.7AI score0.00117EPSS

Exploits0References1

ATTACKERKB•added 2026/03/11 7:5 p.m.•4 views

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

6.9CVSS5.8AI score0.00414EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/11 7:5 p.m.•3 views

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

6.9CVSS5.8AI score0.00414EPSS

Exploits1References4

Circl•added 2026/03/11 6:10 p.m.•3 views

CVE-2026-31863

creationtimestamp| type| source ---|---|--- 2026-03-11 18:10:06+00:00| seen| https://gist.github.com/alon710/2f5ac9f201724311bd0bb59616acb73c...

4.4CVSS5.8AI score0.00107EPSS

Exploits0References1

CVE•added 2026/03/11 5:37 p.m.•11 views

CVE-2026-31859

CVE-2026-31859 (Craft CMS) : Craft CMS is vulnerable to a reflective XSS via incomplete return URL sanitization. The fix for CVE-2025-35939 added a strip_tags() call in src/web/User.php to sanitize return URLs, but strip_tags() only strips HTML tags and does not validate URL schemes. Payloads suc...

6.9CVSS5.8AI score0.00185EPSS

Exploits0References1Affected Software1

Circl•added 2026/03/11 5:36 p.m.•2 views

CVE-2026-32246

creationtimestamp| type| source ---|---|--- 2026-03-11 17:36:15+00:00| published-proof-of-concept| https://github.com/tinyauthapp/tinyauth/security/advisories/GHSA-3q28-qjrv-qr39 2026-03-12 19:21:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgv4nkxbzb2t 2026-03-12...

8.5CVSS7.2AI score0.0027EPSS

Exploits1References5

Circl•added 2026/03/11 4:42 p.m.•6 views

CVE-2025-70872

creationtimestamp| type| source ---|---|--- 2026-03-11 16:42:38+00:00| seen| https://gist.github.com/cnwangjihe/7bb28e7c721cbe552155acb66e02d3c5...

5.8AI score

Exploits0References1

CVE•added 2026/03/11 3:52 p.m.•10 views

CVE-2026-28803

CVE-2026-28803 affects Open Forms with cosign flow prior to versions 3.3.13 and 3.4.5. The vulnerability allows a logged-in user to implicitly retrieve arbitrary submissions by guessing/modifying the cosign code received by email, enabling access to submission references during cosign flow. The i...

6.5CVSS5.9AI score0.00201EPSS

Exploits0References1Affected Software1

Circl•added 2026/03/11 3:16 p.m.•2 views

CVE-2026-27897

creationtimestamp| type| source ---|---|--- 2026-03-11 15:16:40+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-27897 2026-03-20 15:00:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhirsmclvp2h...

10CVSS5.8AI score0.00644EPSS

Exploits1References2

Circl•added 2026/03/11 2:14 p.m.•2 views

GCVE-1-2026-0020

creationtimestamp| type| source ---|---|--- 2026-03-11 14:14:51+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/523ca818-9868-4f11-832b-baf2fbd9d76c...

5.8AI score

Exploits0References1

Circl•added 2026/03/11 12:10 p.m.•0 views

GHSA-H3RV-Q4RQ-PQCV

creationtimestamp| type| source ---|---|--- 2026-03-11 12:10:06+00:00| seen| https://gist.github.com/alon710/90d4653c1f3204acd98b3c7dd62773cd...

5.8AI score

Exploits0References1

Circl•added 2026/03/11 12:0 p.m.•1 views

GHSA-RV39-79C4-7459

creationtimestamp| type| source ---|---|--- 2026-03-11 12:00:06+00:00| seen| https://gist.github.com/alon710/ba8dc0788a471b5a92fb9d0637418df7...

5.8AI score

Exploits0References1

Circl•added 2026/03/11 10:50 a.m.•4 views

CVE-2026-24017

creationtimestamp| type| source ---|---|--- 2026-03-11 10:50:56+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-fortinet-8 2026-03-11 14:43:25+00:00| seen| https://ccb.belgium.be/advisories/warning-fortinet-patched-22-vulnerabilities-multiple-products-patch-immediately...

8.1CVSS5.7AI score0.00764EPSS

Exploits0References3

RedhatCVE•added 2026/03/11 7:9 a.m.•4 views

CVE-2025-70249

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard2...

7.5CVSS6.1AI score0.00723EPSS

Exploits1References1

RedhatCVE•added 2026/03/11 7:9 a.m.•3 views

CVE-2025-70128

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

6.1CVSS6.2AI score0.00742EPSS

Exploits2References1

RedhatCVE•added 2026/03/11 7:9 a.m.•5 views

CVE-2025-70244

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup...

7.5CVSS6.1AI score0.00599EPSS

Exploits1References1

RedhatCVE•added 2026/03/11 7:9 a.m.•5 views

CVE-2025-70247

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1...

7.5CVSS6.1AI score0.00723EPSS

Exploits1References1