CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

30858 matches found

Nuclei•added 7 hours ago•8 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.1AI score0.08063EPSS

Exploits0References3

Nuclei•added 7 hours ago•18 views

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

6.1CVSS6.4AI score0.03802EPSS

Exploits2References4

Nuclei•added 7 hours ago•25 views

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

6.1CVSS6.4AI score0.15827EPSS

Exploits1References5

Nuclei•added 7 hours ago•22 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

4.3CVSS5.8AI score0.00963EPSS

Exploits1References5

Nuclei•added 7 hours ago•21 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

6.5CVSS6.6AI score0.29346EPSS

Exploits1References4

NVD•added yesterday•3 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

Exploits0References1

CVE•added yesterday•4 views

CVE-2022-49036

Synology Active Backup for Business Recovery Media Creator (before version 2.5.0-2081) is affected by an OpenSSL configuration vulnerability described as an inclusion of functionality from untrusted control sphere, enabling local users to execute arbitrary code via unspecified vectors. Affected c...

7.8CVSS6.2AI score

Exploits0References1

EUVD•added yesterday•4 views

EUVD-2022-55998

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score

Exploits0References1

Vulnrichment•added yesterday•2 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score

Exploits0References1

Cvelist•added yesterday•14 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

Exploits0References1

ATTACKERKB•added yesterday•3 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score

Exploits0References2

Nuclei•added yesterday•15 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

7.5CVSS7.2AI score0.40963EPSS

Exploits4References1

Circl•added yesterday•3 views

CVE-2026-10702

creationtimestamp| type| source ---|---|--- 2026-06-03 04:52:24+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-mozilla-6 2026-06-03 12:25:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnf44jhtx423...

4.3CVSS5.7AI score0.00018EPSS

Exploits0References2

Circl•added yesterday•3 views

CVE-2026-39553

creationtimestamp| type| source ---|---|--- 2026-06-03 03:00:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mne4kv3rmf2n...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Positive Technologies•added yesterday•3 views

PT-2026-45954

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

Exploits0References3

CVE•added yesterday•3 views

CVE-2026-36748

RockRMS vulnerability CVE-2026-36748 affects v16.13 and earlier of RockRMS up to v17.7.0, allowing Cross Site Scripting (XSS) via social media links in a user profile. The connected documents confirm the affected product version range and the XSS impact, but do not provide rooted technical detail...

9CVSS5.8AI score

Exploits0References2

OSV•added yesterday•1 views

OPENSUSE-SU-2026:10952-1 sshfs-3.7.6-1.1 on GA media

These are all security issues fixed in the sshfs-3.7.6-1.1 package on the GA media of openSUSE Tumbleweed...

Exploits0References2

Cvelist•added yesterday•16 views

CVE-2026-36748

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

Exploits0References2

OPENSUSE Linux•added yesterday•3 views

bind-9.20.23-2.1 on GA media (moderate)

bind-9.20.23-2.1 on GA media Announcement ID: openSUSE-SU-2026:10915-1 Rating: moderate Cross-References: CVE-2026-3593 CVSS scores: CVE-2026-3593 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

7.4CVSS5.8AI score0.00038EPSS

OSV•added yesterday•2 views

OPENSUSE-SU-2026:10947-1 erlang27-27.1.3-2.1 on GA media

These are all security issues fixed in the erlang27-27.1.3-2.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS5.8AI score0.00375EPSS

Exploits0References14

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by