Lucene search

22 matches found

RedhatCVE
added 2026/05/04 8:21 p.m. | 1 view

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 1

NVD
added 2026/05/02 12:16 p.m. | 2 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | EPSS 0.00107
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/02 11:16 a.m. | 0 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 6

CVE
added 2026/05/02 11:16 a.m. | 6 views

CVE-2026-4062

The Geo Mashup plugin for WordPress (up to version 1.13.18) is vulnerable to a Time-Based SQL Injection via the object_ids and exclude_object_ids parameters. The root cause is insufficient escaping on user-supplied values: esc_sql() is ineffective in the unquoted IN(...) / NOT IN(...) SQL context...

CVSS 7.5 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 5

Cvelist
added 2026/05/02 11:16 a.m. | 30 views

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | EPSS 0.00107
Exploits: 0 | References: 5

EUVD
added 2026/05/02 11:16 a.m. | 1 view

EUVD-2026-26780

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/02 11:16 a.m. | 1 view

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/02 12:0 a.m. | 1 view

PT-2026-36608

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object ids' and 'exclude object ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the...

CVSS 7.5 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 6

RedhatCVE
added 2025/11/17 1:14 p.m. | 2 views

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

CVSS 5.4 | AI score 6.6 | EPSS 0.00043
Exploits: 1 | References: 1

OSV
added 2025/11/14 7:16 p.m. | 0 views

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

CVSS 5.4 | AI score 5.8 | EPSS 0.00043
Exploits: 1 | References: 3

Cvelist
added 2025/11/14 12:0 a.m. | 6 views

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

EPSS 0.00043
Exploits: 1 | References: 3

SUSE CVE
added 2025/10/01 11:22 p.m. | 2 views

SUSE CVE-2025-59044

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...

CVSS 7.1 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 4

OSV
added 2022/05/24 5:20 p.m. | 13 views

GHSA-VWXV-FRJ6-FHC9 OMERO-web Sensitive Data Exposure

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

CVSS 6.9 | AI score 5.2 | EPSS 0.00345
Exploits: 0 | References: 4

Github Security Blog
added 2022/05/24 5:20 p.m. | 15 views

OMERO-web Sensitive Data Exposure

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

CVSS 5.7 | AI score 6.5 | EPSS 0.00345
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2020/06/17 5:15 p.m. | 8 views

CVE-2020-7932

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

CVSS 5.7 | EPSS 0.00345
Exploits: 0 | References: 1

Prion
added 2020/06/17 5:15 p.m. | 9 views

Path traversal

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

CVSS 3.5 | AI score 5.3 | EPSS 0.00345
Exploits: 0 | References: 1 | Affected Software: 1

exploitpack
added 2015/01/07 1:49 p.m. | 13 views

Linux-Kernel-2.6.34-rc3

The kernel allows processes to access the internal .reiserfspriv directory at the top of a reiserfs filesystem which is used to store xattrs. Permissions are not enforced in that tree, so unprivileged users can view and potentially modify the xattrs on arbitrary files. import os, sys SHELL = 'int...

AI score 1.1
Exploits: 0

OpenVAS
added 2011/08/03 12:0 a.m. | 17 views

Debian Security Advisory DSA 2234-1 (zodb)

The remote host is missing an update to zodb announced via advisory DSA 2234-1. OpenVAS Vulnerability Test $Id: deb22341.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2234-1 zodb Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

CVSS 7.5 | AI score 0.7 | EPSS 0.00651
Exploits: 0

securityvulns
added 2011/07/14 12:0 a.m. | 23 views

[SECURITY] [DSA 2275-1] openoffice.org security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2275-1 [email protected] http://www.debian.org/security/ Nico Golde July 7, 2011 http://www.debian.org/security/faq -...

AI score 1.9
Exploits: 0

Debian
added 2011/05/10 6:42 p.m. | 21 views

[SECURITY] [DSA 2234-1] zodb security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2234-1 [email protected] http://www.debian.org/security/ Luciano Bello May 10, 2011 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.2 | EPSS 0.00651
Exploits: 0