CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

221 matches found

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score0.0017EPSS

Exploits0References1

CVE•added 2026/05/28 9:35 a.m.•29 views

CVE-2026-46124

CVE-2026-46124 affects the Linux kernel isofs filesystem. The vulnerability arises because isofs_fh_to_dentry/isofs_fh_to_parent pass an attacker-controlled block number from an NFS file handle to isofs_export_iget(), which only rejects block == 0 before calling isofs_iget and sb_bread. A crafted...

7.5CVSS5.8AI score0.00425EPSS

Exploits0References8

Debian CVE•added 2026/05/28 9:35 a.m.•6 views

CVE-2026-46124

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

7.5CVSS5.7AI score0.00425EPSS

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: md-raid10: fixed the KASAN warning There is a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We have fixed this warning by verifying that the value “number” is valid. BUG: KASAN:...

7.1CVSS6AI score0.002EPSS

Exploits0References2

ATTACKERKB•added 2026/05/06 11:28 a.m.•8 views

CVE-2026-43213

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release report, which will access out-of-bounds of wdring-pages array, causing NULL pointer dereference. BUG:...

5.7AI score0.0022EPSS

Exploits0References4Affected Software1

Debian CVE•added 2026/05/06 11:28 a.m.•7 views

CVE-2026-43213

7.5CVSS5.7AI score0.0022EPSS

Exploits0

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Zabbix

Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...

9.1CVSS5.6AI score0.01606EPSS

Exploits0References2

CNNVD•added 2026/04/24 12:0 a.m.•7 views

WordPress plugin Taqnix 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00139EPSS

Exploits0References1

CNNVD•added 2026/04/22 12:0 a.m.•5 views

WordPress plugin Fast & Fancy Filter – 3F 跨站请求伪造漏洞

4.3CVSS5.8AI score0.0018EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Download Monitor 跨站请求伪造漏洞

5.4CVSS5.7AI score0.00161EPSS

Exploits0References7

CNNVD•added 2026/03/21 12:0 a.m.•5 views

WordPress plugin Redirect countdown 跨站请求伪造漏洞

4.3CVSS5.7AI score0.0014EPSS

Exploits0References3

CNNVD•added 2026/03/13 12:0 a.m.•5 views

WordPress plugin wpDiscuz 跨站请求伪造漏洞

5.4CVSS5.7AI score0.00153EPSS

Exploits0References3

CNNVD•added 2026/02/18 12:0 a.m.•4 views

WordPress plugin Keybase.io Verification 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00156EPSS

Exploits0References4

CNNVD•added 2026/02/18 12:0 a.m.•3 views

WordPress plugin WP Plugin Info Card 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00156EPSS

Exploits0References5

CNNVD•added 2026/02/18 12:0 a.m.•6 views

InvoicePlane 安全漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a security vulnerability. This vulnerability stems from the lack of validation for user...

7.5CVSS5.8AI score0.00279EPSS

Exploits1References2

CNNVD•added 2026/02/13 12:0 a.m.•3 views

WordPress plugin RegistrationMagic 安全漏洞

4.3CVSS5.8AI score0.00171EPSS

Exploits0References1

ATTACKERKB•added 2026/02/07 9:45 p.m.•3 views

CVE-2026-25858

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...

9.3CVSS5.7AI score0.00615EPSS

Exploits0References4

CNNVD•added 2026/02/06 12:0 a.m.•4 views

WordPress plugin Code Snippets 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00191EPSS

Exploits0References6

CNNVD•added 2026/01/28 12:0 a.m.•4 views

WordPress plugin: "Change WP URL" has a cross-site request forgeing vulnerability

4.3CVSS5.7AI score0.00128EPSS

Exploits0References6

CNNVD•added 2026/01/24 12:0 a.m.•4 views

WordPress plugin ZT Captcha has a cross-site request forgeing vulnerability