CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 16 hours ago•4 views

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...

5.3CVSS5.8AI score0.03117EPSS

EUVD•added 2026/05/22 12:31 a.m.•7 views

EUVD-2026-31356

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

Vulnrichment•added 2026/05/21 9:7 p.m.•4 views

CVE-2026-7879 Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password()

ATTACKERKB•added 2026/05/21 9:7 p.m.•3 views

Exploits0References1

CVE-2026-7879

Exploits0References2Affected Software1

Cvelist•added 2026/05/21 9:7 p.m.•21 views

CVE-2026-7879 Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password()

6.3CVSS0.0003EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•5 views

PT-2026-42553

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description The submit password method in 'concrete/controllers/single page/download file.php' allows unauthorized file access because the process for downloading permission-restricted files bypasses the...

CVE•added 2026/05/20 9:28 a.m.•11 views

CVE-2026-6728

The CVE concerns the WordPress Slider Revolution plugin (up to version 7.0.9). Affected component: get_stream_data() in sliders/stream, enabling unauthenticated attackers to exfiltrate sensitive content, including published password-protected posts, pages, and products. Root cause: Sensitive Info...

Vulnrichment•added 2026/05/20 9:28 a.m.•5 views

CVE-2026-6728 Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

EUVD•added 2026/05/20 9:28 a.m.•6 views

EUVD-2026-31089

ATTACKERKB•added 2026/05/20 9:28 a.m.•6 views

CVE-2026-6728

Positive Technologies•added 2026/05/20 12:0 a.m.•5 views

PT-2026-42137

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get stream data' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page,...

NVD•added 2026/05/14 9:16 a.m.•5 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS0.00048EPSS

Vulnrichment•added 2026/05/14 8:24 a.m.•3 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

5.3CVSS5.8AI score0.00048EPSS

ATTACKERKB•added 2026/05/14 8:24 a.m.•1 views

CVE-2026-6206

5.3CVSS5.8AI score0.00048EPSS

Exploits0References4

OSV•added 2026/05/13 3:33 p.m.•0 views

GHSA-FMH9-GPQH-G53G SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode

Summary The advisory GHSA-c77m-r996-jr3q patched getBookmark so that, when invoked by a publish-mode RoleReader, results are filtered through FilterBlocksByPublishAccess to remove entries from password-protected / publish-ignored notebooks. Four sibling search handlers in the same file did not...

4.3CVSS5.8AI score0.00009EPSS

ATTACKERKB•added 2026/05/13 4:26 a.m.•3 views

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

5.3CVSS5.8AI score0.00036EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•5 views

PT-2026-40727

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Broken access control in the publish-mode allows readers to enumerate metadata from documents that are invisible to the publish service. This occurs because certain search handlers do not filter...

4.3CVSS5.8AI score0.00009EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в imagemagick

ImageMagick versions before 6.9.11-40 and 7.x before 7.0.10-40 mishandle the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized, allowing additional shell commands to be injected through...

7.8CVSS6.9AI score0.6875EPSS

Exploits1References2

Vulnrichment•added 2026/04/14 11:26 p.m.•1 views

CVE-2026-1314 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sendpostpagesjson function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticat...

5.3CVSS5.8AI score0.03117EPSS