CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS0.00012EPSS

Exploits0References4

CVE•added yesterday•9 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...

4.3CVSS5.7AI score0.00012EPSS

Exploits0References4

ATTACKERKB•added yesterday•2 views

CVE-2026-9730

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

Vulnrichment•added yesterday•4 views

CVE-2026-9730 Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.7AI score0.00012EPSS

Exploits0References4

Patchstack•added 2 days ago•5 views

WordPress Remove NoFollow Commenter URL plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Remove NoFollow Commenter URL versions = 1.0...

4.3CVSS5.8AI score0.00012EPSS

Exploits0References1Affected Software1

OSV•added 2026/05/20 12:0 a.m.•3 views

UBUNTU-CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2CVSS6AI score0.00007EPSS

Exploits0References5

EUVD•added 2026/05/11 6:31 p.m.•7 views

EUVD-2026-29087

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00045EPSS

Exploits0References2

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39629

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. check access permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own...

8.1CVSS5.8AI score0.00045EPSS

Exploits0References2

OSV•added 2026/05/04 9:7 p.m.•2 views

GHSA-5H3G-6XHH-RG6P OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Summary OpenShell FS bridge reads pin and verify the opened file before returning bytes Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem reads could let a...

6CVSS5.8AI score0.00033EPSS

Exploits0References5

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

PT-2026-32421

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT SYMLINK NOFOLLOW flag, which Root.Chmod uses to...

6.4CVSS5.8AI score0.0001EPSS

Exploits0References6

SUSE CVE•added 2026/04/08 11:25 p.m.•3 views

SUSE CVE-2026-32282

6.3CVSS5.8AI score0.0001EPSS

Exploits0References18

UbuntuCve•added 2026/04/08 2:16 a.m.•2 views

CVE-2026-32282

6.4CVSS5.9AI score0.0001EPSS

Exploits0References5

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-31063

Name of the Vulnerable Software and Affected Versions Root.Chmod affected versions not specified Description On Linux, if the target of Root.Chmod is replaced with a symlink during a chmod operation, the operation can affect the symlink's target, even if that target is outside the root directory...

9.8CVSS5.8AI score0.0001EPSS

Exploits0References289

RedhatCVE•added 2026/01/09 8:47 a.m.•2 views

CVE-2025-23853

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS.This issue affects NoFollow Free: from n/a through = 1.6.3...

7.1CVSS7.2AI score0.00187EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-5815

Malware in sbrugna...

6.1CVSS6.2AI score0.00454EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-52545

Malicious code in bioql PyPI...

7.1CVSS9AI score0.00118EPSS

Exploits0References1