CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/28 6:45 a.m.•4 views

EUVD-2026-32731

CVE•added 2026/05/28 6:45 a.m.•13 views

CVE-2026-9618

The CVE-2026-9618 entry concerns the PeachPay for WooCommerce plugin (WordPress) with versions up to and including 1.120.46. Affected component: peachpay_stripe_handle_admin_actions function, where missing/incorrect nonce validation enables Cross-Site Request Forgery. Impact: unauthenticated atta...

Positive Technologies•added 2026/05/28 12:0 a.m.•4 views

PT-2026-44210

CNNVD•added 2026/05/28 12:0 a.m.•3 views

Exploits0References9

WordPress plugin PeachPay — Payments & Express Checkout for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

ATTACKERKB•added 2026/05/26 12:45 p.m.•9 views

CVE-2026-9544

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...

7.5CVSS6.8AI score0.00037EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/17 7:30 a.m.•6 views

CVE-2026-8738 Sanluan PublicCMS Trade Payment Flow TradeOrderController.java AccountGatewayComponent.pay logic error

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...

6.9CVSS6.1AI score0.00051EPSS

Exploits0References4

CVE•added 2026/05/17 7:30 a.m.•8 views

CVE-2026-8738

Sanluan PublicCMS 5.202506.d contains a vulnerability affecting the Trade payment flow. Specifically, the methods TradeOrderController.pay, TradePaymentController.pay, and AccountGatewayComponent.pay in the publiccms-trade module are affected, with the root cause described as a business logic man...

6.9CVSS6.1AI score0.00051EPSS

Exploits0References4

Cvelist•added 2026/05/17 7:30 a.m.•36 views

CVE-2026-8738 Sanluan PublicCMS Trade Payment Flow TradeOrderController.java AccountGatewayComponent.pay logic error

6.9CVSS0.00051EPSS

Exploits0References4

Positive Technologies•added 2026/05/17 12:0 a.m.•5 views

PT-2026-41524

6.9CVSS6.1AI score0.00051EPSS

Exploits0References5

CVE•added 2026/05/15 4:51 p.m.•8 views

CVE-2026-44714

CVE-2026-44714 affects the bitcoinj Java library prior to 0.17.1. The issue lives in ScriptExecution.correctlySpends() and creates two fast-path verification bugs for P2PKH and native P2WPKH spends. In both paths, the code validates an attacker-controlled signature/public-key pair but does not ve...

7.5CVSS5.9AI score0.00011EPSS

Exploits0References3

ATTACKERKB•added 2026/05/12 11:2 a.m.•4 views

CVE-2026-45215

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through = 4.3.0...

5.3CVSS5.8AI score0.00036EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-39974

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb handle slek payment redirect function placing the merchant's slek key and slek secret API credentials directly into a client-side HTML form, and additionally embeddin...

5.3CVSS5.8AI score0.00075EPSS

Exploits0References6

OSV•added 2026/05/08 5:43 p.m.•4 views

GHSA-HFCF-V2F8-X9PC bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.00011EPSS

Exploits0References6

Positive Technologies•added 2026/05/08 12:0 a.m.•4 views

PT-2026-39293

7.5CVSS5.9AI score0.00011EPSS

Exploits0References7

Snyk•added 2026/05/04 3:2 a.m.•0 views

Malicious Package

Overview @apple-pay-trust/check-apple-pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score

Snyk•added 2026/05/04 3:2 a.m.•1 views

Malicious Package

Overview @apple-pay-trust/check-apple-pay-result is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

9.8CVSS5.8AI score

Snyk•added 2026/05/04 3:2 a.m.•1 views

Malicious Package

Overview @google-pay-trust/finish is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score