CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8228 matches found

EUVD•added 2026/03/05 12:10 a.m.•3 views

EUVD-2025-208275

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...

7CVSS5.9AI score0.00023EPSS

Exploits0References7

CNNVD•added 2026/03/05 12:0 a.m.•6 views

WordPress plugin Police Department 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CNNVD•added 2026/03/05 12:0 a.m.•3 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.1 contained security vulnerabilities. These vulnerabilities stemmed from Twitch plugins that did not enforce the allowFrom permission list properly, allowing remote attackers to bypass access control...

9.4CVSS5.8AI score0.0012EPSS

Exploits1References3

CNNVD•added 2026/03/05 12:0 a.m.•5 views

WordPress plugin Consultor 安全漏洞

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin Legrand 安全漏洞

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CNNVD•added 2026/03/05 12:0 a.m.•3 views

WordPress plugin Estate 代码问题漏洞

9.8CVSS5.9AI score0.00061EPSS

Exploits0References1

Tenable Nessus•added 2026/03/05 12:0 a.m.•1 views

AlmaLinux 9 : containernetworking-plugins (ALSA-2026:3341)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3341 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...

10CVSS6AI score0.00045EPSS

Exploits3References5

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23243

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a through = 1.4.4...

5.9AI score0.00045EPSS

Exploits0References2

CNNVD•added 2026/03/05 12:0 a.m.•3 views

WordPress plugin Honor 安全漏洞

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin Awa Plugins 跨站脚本漏洞

7.1CVSS5.7AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2026/03/05 12:0 a.m.•3 views

PT-2026-23264

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

5.9AI score0.00054EPSS

Exploits0References2

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin inseri core 安全漏洞

5.9CVSS5.8AI score0.00047EPSS

Exploits0References1

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress,WordPress plugin 安全漏洞

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/04 7:30 p.m.•32 views

CVE-2026-28427 OpenDeck affected by path traversal allows arbitrary file read

OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended...

5.9CVSS0.00091EPSS

Exploits1References2

OSV•added 2026/03/04 5:16 p.m.•5 views

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS5.8AI score

Exploits0References3

Snyk•added 2026/03/04 4:14 p.m.•2 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element in the legacy system-wide cli-plugin path. An attacker can gain elevated privileges by placing a crafted binary in C:\ProgramData\Docker\cli-plugins directory that is searched by the application when...

8CVSS5.8AI score0.00023EPSS

Exploits0References3

Cvelist•added 2026/03/04 4:14 p.m.•29 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

7CVSS0.00023EPSS

Exploits0References3

CVE•added 2026/03/04 4:14 p.m.•27 views

CVE-2025-15558

Docker Desktop vulnerability CVE-2025-15558 involves the Docker CLI for Windows. The CLI searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (e.g....

8CVSS5.9AI score0.00023EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/04 4:14 p.m.•3 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

7CVSS5.9AI score0.00023EPSS

Exploits0References3

RedHat Linux•added 2026/03/04 3:0 p.m.•2 views

Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.9.0 release.

Red Hat Developer Hub 1.9.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

7.5CVSS6.5AI score0.00158EPSS

Exploits1References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by