CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

VulnCheck KEV•added 2026/06/04 12:0 a.m.•11 views

VulnCheck KEV: CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01007EPSS

In wildExploits1References2

6.1CVSS5.5AI score0.00223EPSS

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analysis of threats to network security and malware analysis. MISP has a security vulnerability...

Exploits0References1

5.4CVSS5.3AI score0.00171EPSS

WordPress plugin Popup Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CNNVD•added 2026/06/04 12:0 a.m.•5 views

Niche Office All in One Video Downloader SQL注入漏洞

Niche Office All in One Video Downloader is an online video download tool developed by the Turkish company Niche Office. Version 1.2 of Niche Office All in One Video Downloader has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, whi...

8.8CVSS6.2AI score0.0027EPSS

Exploits0References5

8.8CVSS6.2AI score0.00262EPSS

PHP EI-Tube Script SQL注入漏洞

The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46865

Unauthenticated Reflected XSS via $ GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

6.1CVSS6.2AI score

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46202

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

8.8CVSS6.1AI score0.00262EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•9 views

PT-2026-46237

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the 'over-correlation' endpoint where the order query parameter is accepted from user-controlled named request parameters. This allows an...

8.1CVSS5.4AI score0.00225EPSS

CNNVD•added 2026/06/04 12:0 a.m.•2 views

WordPress plugin Google Review Slider SQL注入漏洞

8.8CVSS5.8AI score0.00262EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46894

6.1CVSS6.2AI score0.00094EPSS

5.3CVSS4.7AI score0.00273EPSS

itsourcecode Fees Management System 代码注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Versions of itsourcecode Fees Management System 1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from the operation of unknown functions in the /navbar.php fil...

Exploits0References6

Positive Technologies•added 2026/06/04 12:0 a.m.•8 views

PT-2026-46130

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS5.8AI score0.00244EPSS

CNNVD•added 2026/06/04 12:0 a.m.•2 views

ThemeRig Listing Hub CMS SQL注入漏洞

ThemeRig Listing Hub CMS is a classification catalog and information publishing management system developed by ThemeRig Corporation. Version 1.0 of ThemeRig Listing Hub CMS contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter,...

8.8CVSS6.2AI score0.0027EPSS

Exploits0References5

CNNVD•added 2026/06/04 12:0 a.m.•5 views

itsourcecode Fees Management System SQL注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a SQL injection vulnerability. This vulnerability arises from unknown functions in the /receipt.php file that manipulate the...

6.5CVSS6.7AI score0.002EPSS

Exploits0References6

Positive Technologies•added 2026/06/04 12:0 a.m.•12 views

PT-2026-46199

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell...

9.8CVSS6.1AI score0.00258EPSS

Exploits0References5

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46129

6.5CVSS5.9AI score0.00224EPSS