CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/06/06 2:28 a.m.•6 views

CVE-2026-7566

6.6CVSS5.9AI score0.00447EPSS

Exploits0References9

EUVD•added 2026/06/06 2:28 a.m.•9 views

EUVD-2026-34947

6.6CVSS5.9AI score0.00447EPSS

Exploits0References8

Positive Technologies•added 2026/06/06 12:0 a.m.•8 views

PT-2026-47129

Name of the Vulnerable Software and Affected Versions LearnPress – Backup & Migration Tool versions prior to 4.1.5 Description The plugin is susceptible to PHP Object Injection due to the deserialization of untrusted input. This allows authenticated attackers with administrator-level access or...

6.6CVSS5.8AI score0.00447EPSS

Exploits0References12

RedhatCVE•added 2026/06/05 7:22 p.m.•6 views

CVE-2026-7637

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS5.9AI score0.00573EPSS

RedhatCVE•added 2026/06/05 7:21 p.m.•5 views

CVE-2026-3017

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

7.2CVSS5.9AI score0.00527EPSS

NVD•added 2026/05/20 4:16 a.m.•14 views

CVE-2026-7637

9.8CVSS0.00573EPSS

ATTACKERKB•added 2026/05/20 2:27 a.m.•4 views

CVE-2026-7637

9.8CVSS6.1AI score0.00573EPSS

Exploits0References3

Positive Technologies•added 2026/05/20 12:0 a.m.•13 views

PT-2026-42100

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST USER LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...

9.8CVSS6.1AI score0.00573EPSS

Exploits0References3

NVD•added 2026/04/14 6:16 a.m.•2 views

CVE-2026-3017

7.2CVSS0.00527EPSS

CVE•added 2026/04/14 5:30 a.m.•14 views

CVE-2026-3017

The CVE-2026-3017 entry concerns the WordPress plugin Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts, affected up to version 3.0.12. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the import_shortcodes() function. With Administr...

EUVD•added 2026/04/14 5:30 a.m.•2 views

EUVD-2026-22221

Vulnrichment•added 2026/04/14 5:30 a.m.•2 views

CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection

ATTACKERKB•added 2026/04/14 5:30 a.m.•4 views

CVE-2026-3017

NVD•added 2026/03/26 4:17 a.m.•5 views

Exploits0References3

CVE-2026-3328

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...

7.2CVSS0.00533EPSS

Exploits0References4

RedhatCVE•added 2026/03/06 2:37 p.m.•6 views

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS6AI score0.00519EPSS