CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

174 matches found

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. Due to a bug related to expired pointer references, Squid versions prior to 6.6 were vulnerable to a Denial of Service attack targeting error responses from the Cache Manager. This vulnerability allowed a trusted client to cause a Denial of Service attack by...

6.5CVSS6.5AI score0.6005EPSS

Exploits1References2

NVD•added 2026/06/18 8:16 a.m.•8 views

CVE-2026-12137

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS

Exploits0References4

EUVD•added 2026/06/18 6:50 a.m.•8 views

EUVD-2026-37861

6.1CVSS5.5AI score0.00211EPSS

Exploits0References4

Cvelist•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

6.1CVSS0.00211EPSS

Exploits0References4

CVE•added 2026/06/18 6:50 a.m.•23 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score0.00211EPSS

Exploits0References4

NVD•added 2026/06/18 6:16 a.m.•10 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS

Exploits0References14

ATTACKERKB•added 2026/06/18 5:34 a.m.•7 views

CVE-2026-11360

4.9CVSS5.8AI score0.00369EPSS

Exploits0References15

EUVD•added 2026/06/18 5:34 a.m.•10 views

EUVD-2026-37844

4.9CVSS5.8AI score0.00369EPSS

Exploits0References14

CNNVD•added 2026/06/11 12:0 a.m.•17 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from users who had access to manage servers but did not have management roles or administrator...

7.5CVSS5.6AI score0.00238EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:42 p.m.•9 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS5.7AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:19 p.m.•10 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.5AI score0.00218EPSS

Exploits0References1

Vulnrichment•added 2026/05/16 3:25 p.m.•10 views

CVE-2020-37238 CMS Made Simple 2.2.15 Stored XSS via SVG File Upload

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when othe...

6.4CVSS5.6AI score0.00243EPSS

Exploits0References4

Cvelist•added 2026/05/16 3:25 p.m.•41 views

CVE-2020-37238 CMS Made Simple 2.2.15 Stored XSS via SVG File Upload

6.4CVSS0.00243EPSS

Exploits0References4

CVE•added 2026/05/16 3:25 p.m.•18 views

CVE-2020-37238

CVE-2020-37238 affects CMS Made Simple 2.2.15. The vulnerability is a stored cross-site scripting (XSS) flaw in the file manager: authenticated Content Manager users can upload SVG files containing embedded JavaScript, which executes when other authenticated users view the uploaded file, enabling...

6.4CVSS5.6AI score0.00243EPSS

Exploits0References4

Positive Technologies•added 2026/05/16 12:0 a.m.•12 views

PT-2026-41438

6.4CVSS5.6AI score0.00243EPSS

Exploits0References5

EUVD•added 2026/05/14 6:44 a.m.•16 views

EUVD-2026-30250

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.9AI score0.00234EPSS

Exploits0References2

Cvelist•added 2026/05/14 5:30 a.m.•55 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

8.2CVSS0.00218EPSS

Exploits0References2

EUVD•added 2026/05/13 7:44 a.m.•22 views

EUVD-2025-209823

5.5CVSS6AI score0.00207EPSS

Exploits0References4

ATTACKERKB•added 2026/05/13 7:44 a.m.•4 views

CVE-2025-14767

5.5CVSS6AI score0.00207EPSS

Exploits0References5

Positive Technologies•added 2026/05/13 12:0 a.m.•9 views

PT-2026-40581

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbm best seller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS6AI score0.00207EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by