CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

807 matches found

WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting

WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal...

5.4CVSS5.9AI score0.03325EPSS

Exploits2References5

HackRead•added 2026/04/22 1:57 p.m.•5 views

Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works...

5.7AI score

Exploits0

The Hacker News•added 2026/04/22 7:58 a.m.•5 views

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations...

6AI score

Exploits0

RedhatCVE•added 2026/04/13 7:25 p.m.•2 views

CVE-2026-39658

Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through = 1.5.12...

5.3CVSS5.8AI score0.00042EPSS

Exploits0References1

EUVD•added 2026/04/08 9:31 a.m.•3 views

EUVD-2026-20327

5.9AI score0.00042EPSS

Exploits0References2

NVD•added 2026/04/08 9:16 a.m.•2 views

CVE-2026-39658

5.3CVSS0.00042EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39658 WordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerability

5.8AI score0.00042EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•17 views

CVE-2026-39658 WordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerability

5.3CVSS0.00042EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39658

The CVE-2026-39658 issue affects the WordPress Panda Pods Repeater Field plugin up to version 1.5.12. The vulnerability is a Missing Authorization / Broken Access Control in the panda-pods-repeater-field component, caused by incorrectly configured access control security levels. Impact is limited...

5.3CVSS5.9AI score0.00042EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39658

5.9AI score0.00042EPSS

Exploits0References2

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31221

5.9AI score0.00042EPSS

Exploits0References3

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Panda Pods Repeater Field 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00042EPSS

Exploits0References1

The Hacker News•added 2026/04/03 5:34 p.m.•4 views

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416 , a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...

10CVSS7.2AI score0.74864EPSS

Exploits18

The Hacker News•added 2026/03/30 7:0 a.m.•2 views

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN aka USBFect, MISTCLOAK...

6.3AI score

Exploits0

HackRead•added 2026/02/04 2:58 p.m.•2 views

Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials

A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works...

5.4AI score

Exploits0

The Hacker News•added 2026/01/28 11:40 a.m.•4 views

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda aka Earth Preta, Fireant, HoneyMyte,...

6.2AI score

Exploits0

The Hacker News•added 2026/01/16 10:27 a.m.•4 views

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S...

6.7AI score

Exploits0

RedhatCVE•added 2026/01/09 10:58 a.m.•1 views

CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

9.1CVSS7.4AI score0.00726EPSS

Exploits1References1

NVD•added 2026/01/08 8:15 p.m.•1 views

CVE-2025-68715

9.1CVSS0.00726EPSS

Exploits1References2