CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•17 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net:sched: fix memory leak in tcindexpartialdestroywork Syzbot reported a memory leak in tcindexsetparms. The issue arose from the non-freeing of the perfect hash within tcindexpartialdestroywork. In tcindexsetparms, a new...

7.5CVSS6.2AI score0.00103EPSS

Packet Storm News•added 2026/05/12 12:0 a.m.•3 views

Do Androids Dream of Breaking the Game? Systematically Auditing AI Agent Benchmarks with BenchJack

Agent benchmarks have become the de facto measure of frontier AI competence, guiding model selection, investment, and deployment. However, reward hacking, where agents maximize a score without performing the intended task, emerges spontaneously in frontier models without overfitting. We argue tha...

5.8AI score

Exploits0

RedhatCVE•added 2026/03/26 3:18 p.m.•0 views

CVE-2026-32345

Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through = 1.2.4...

Fedora•added 2026/03/19 12:18 a.m.•3 views

[SECURITY] Fedora 44 Update: mac-12.50-1.fc44

Monkey's Audio is a fast and easy way to compress digital music. Unlike traditional methods such as mp3, ogg, or lqt that permanently discard quality to save space, Monkey's Audio only makes perfect, bit-for-bit copies of your music. That means it always sounds perfect =E2=80=93 exactly t he same...

9.1CVSS5.8AI score0.00066EPSS

Exploits0

EUVD•added 2026/03/13 9:31 p.m.•1 views

EUVD-2026-11830

5.8AI score0.00044EPSS

CVE•added 2026/03/13 11:41 a.m.•3 views

CVE-2026-32345

CVE-2026-32345 relates to a Missing Authorization (Broken Access Control) vulnerability in the WordPress theme raratheme Perfect Portfolio, affecting Perfect Portfolio versions from n/a through 1.2.4. The available connected sources consistently describe a misconfigured access control but do not ...

Cvelist•added 2026/03/13 11:41 a.m.•23 views

CVE-2026-32345 WordPress Perfect Portfolio theme <= 1.2.4 - Broken Access Control vulnerability

5.3CVSS0.00044EPSS

ATTACKERKB•added 2026/03/13 11:41 a.m.•0 views

CVE-2026-32345

5.8AI score0.00044EPSS

Vulnrichment•added 2026/03/13 11:41 a.m.•0 views

CVE-2026-32345 WordPress Perfect Portfolio theme <= 1.2.4 - Broken Access Control vulnerability

5.8AI score0.00044EPSS

CNNVD•added 2026/03/13 12:0 a.m.•2 views

WordPress plugin Perfect Portfolio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Positive Technologies•added 2026/03/13 12:0 a.m.•1 views

PT-2026-25192

RedhatCVE•added 2025/11/25 10:47 p.m.•2 views

Exploits0References3

CVE-2025-10144

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6.6AI score0.00028EPSS

Vulnrichment•added 2025/11/24 10:28 p.m.•2 views

CVE-2025-10144 Perfect Brands for WooCommerce <= 3.6.2 - Authenticated (Contributor+) SQL Injection

6.5CVSS6.2AI score0.00028EPSS

CVE•added 2025/11/24 10:28 p.m.•8 views

CVE-2025-10144

CVE-2025-10144 concerns the Perfect Brands for WooCommerce plugin for WordPress. Wordfence reports a time-based SQL Injection via the brands attribute of the products shortcode in all versions up to 3.6.2, caused by insufficient escaping of user-supplied input and inadequate preparation of the ex...

6.5CVSS6.2AI score0.00028EPSS

CNNVD•added 2025/11/24 12:0 a.m.•1 views

WordPress plugin Perfect Brands for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS7.6AI score0.00028EPSS

Exploits0References3

RedhatCVE•added 2025/11/22 10:31 p.m.•2 views

CVE-2025-11935

With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare extension...

7.5CVSS6.7AI score0.00013EPSS