CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35722 matches found

CVE-2026-11458

creationtimestamp| type| source ---|---|--- 2026-06-07 09:02:33+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnosjyzka32k 2026-06-07 09:02:35+00:00| seen| https://infosec.exchange/users/offseq/statuses/116708004613032981...

6.9CVSS5.3AI score

Exploits0References2

Circl•added 9 hours ago•6 views

CVE-2026-11455

creationtimestamp| type| source ---|---|--- 2026-06-07 09:02:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnosjxyvqf24...

5CVSS5.3AI score

Exploits0References1

RedhatCVE•added 9 hours ago•8 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00045EPSS

Exploits0References1

Imperva Blog•added 10 hours ago•5 views

The Clock Is Already Ticking: Why Post-Quantum Cryptography Can’t Wait

There is a question I have been hearing more and more from CISOs, compliance officers, and security architects over the past year. It does not start with "we had a breach" or "we failed an audit." It starts with something that sounds almost philosophical: " Are we quantum-safe?" A year ago, that...

5.6AI score

Exploits0

Nuclei•added 15 hours ago•35 views

Flatpress < v1.2.1 - Cross Site Scripting

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the page parameter at /flatpress/admin.php. id: CVE-2022-40047 info: name: Flatpress v1.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Flatpress v1.2.1 was discovered to...

5.4CVSS5.7AI score0.24491EPSS

Exploits1References3

Nuclei•added 15 hours ago•33 views

PuneethReddyHC action.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input. id: CVE-2021-41648 info: name: PuneethReddyHC action.php SQL Injection author: daffainfo severity: high descriptio...

9.8CVSS7.5AI score0.91916EPSS

Exploits6References5

Nuclei•added 15 hours ago•16 views

Post Grid <= 2.2.50 - Information Exposure via REST API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. id: CVE-2023-40211 info: name: Post Grid = 2.2.50 - Information Exposure via REST API...

7.5CVSS7.3AI score0.31499EPSS

Exploits0References3

Nuclei•added 15 hours ago•8 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

6.1CVSS5.3AI score0.00199EPSS

Exploits1References2

Nuclei•added 15 hours ago•39 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.1AI score0.0068EPSS

Exploits1References4

Nuclei•added 15 hours ago•13 views

WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload

The Frontend File Manager plugin 4.0 and N-Media Post Front-end Form plugin 1.1 for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution. id:...

9.8CVSS6AI score0.75827EPSS

Exploits2References5

Nuclei•added 15 hours ago•34 views

Combo Blocks < 2.2.76 - Improper Access Control

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts id:...

5.4CVSS5.4AI score0.13073EPSS

Exploits2References3

Nuclei•added 15 hours ago•19 views

Post SMTP <= 3.6.0 - Email Log Disclosure

Post SMTP WordPress plugin = 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication. id: CVE-2025-11833 info: name: Post SMTP = 3.6.0 -...

9.8CVSS8AI score0.1525EPSS

Exploits1References3

Nuclei•added 15 hours ago•20 views

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

6.1CVSS5.8AI score0.02196EPSS

Exploits2References4

Nuclei•added 15 hours ago•27 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1CVSS6.3AI score0.00385EPSS

Exploits1References4

Nuclei•added 15 hours ago•39 views

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

5.3CVSS5.9AI score0.85436EPSS

Exploits2References5

Nuclei•added 15 hours ago•26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.6AI score0.02329EPSS

Exploits1References2

Nuclei•added 15 hours ago•11 views

St. Joe ERP system - SQL Injection

A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...

9.8CVSS6.2AI score0.09015EPSS

Exploits1References2

Nuclei•added 15 hours ago•36 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.3AI score0.05369EPSS

Exploits1References3

Nuclei•added 15 hours ago•28 views

mooSocial 3.1.8 - External Service Interaction

mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...

6.5CVSS6.5AI score0.80804EPSS

Exploits2References3

Nuclei•added 15 hours ago•16 views

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...

4.3CVSS5.4AI score0.00989EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by