CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Circl•added 2026/04/19 9:0 a.m.•3 views

CVE-2026-6563

creationtimestamp| type| source ---|---|--- 2026-04-19 09:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116430551736901385 2026-04-19 09:00:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjtlp2da3t22 2026-04-19 09:34:22+00:00| seen|...

9CVSS8.1AI score0.00053EPSS

Exploits0References5

NVD•added 2026/04/18 12:16 p.m.•0 views

CVE-2026-2986

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'otherattributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00012EPSS

ATTACKERKB•added 2026/04/18 11:16 a.m.•0 views

CVE-2026-2986

Vulnrichment•added 2026/04/18 11:16 a.m.•1 views

CVE-2026-2986 Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes'

EUVD•added 2026/04/18 11:16 a.m.•0 views

EUVD-2026-23674

Cvelist•added 2026/04/18 11:16 a.m.•30 views

CVE-2026-2986 Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes'

6.4CVSS0.00012EPSS

CVE•added 2026/04/18 11:16 a.m.•10 views

CVE-2026-2986

The Contextual Related Posts plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) via the 'other_attributes' parameter in versions up to and including 4.2.1, due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with cont...

Circl•added 2026/04/18 5:18 a.m.•1 views

CVE-2026-40492

creationtimestamp| type| source ---|---|--- 2026-04-18 05:18:34+00:00| published-proof-of-concept| Telegram/veDSMFN7ecyhltWdKUwpcYAyE-ogEw-qfchv6YBZH7Zn1oc 2026-04-18 05:38:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjqpx4bamu26 2026-04-18 06:00:28+00:00| seen|...

9.8CVSS4.8AI score0.00061EPSS

Positive Technologies•added 2026/04/18 12:0 a.m.•2 views

PT-2026-33602

Name of the Vulnerable Software and Affected Versions Contextual Related Posts versions prior to 4.2.2 Description The Contextual Related Posts plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject arbitrary w...

CNNVD•added 2026/04/18 12:0 a.m.•5 views

Exploits0References5

WordPress plugin Contextual Related Posts 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00012EPSS

Patchstack•added 2026/04/17 9:46 p.m.•1 views

WordPress Contextual Related Posts plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Contextual Related Posts versions = 4.2.1...

6.4CVSS5.8AI score0.00012EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/17 7:17 p.m.•1 views

CVE-2026-33093 Anviz Products Missing Authorization

Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...

5.3CVSS5.8AI score0.00036EPSS

Veracode•added 2026/04/17 9:57 a.m.•7 views

Improper Verification

github.com/mattermost/mattermost-server is vulnerable to improper verification. The vulnerability is due to failure to validate that /share-issue-publicly post actions were created by the Jira plugin, which allows an attacker to exfiltrate Jira tickets by tricking victim users into interacting wi...

4.1CVSS5.8AI score0.00029EPSS

Exploits0References3Affected Software2

Circl•added 2026/04/17 7:30 a.m.•4 views

CVE-2026-6443

creationtimestamp| type| source ---|---|--- 2026-04-17 07:30:33+00:00| seen| https://infosec.exchange/users/offseq/statuses/116418873404290151 2026-04-17 07:30:35+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mjofqe4pc425 2026-04-17 12:54:25+00:00| seen|...

9.8CVSS5AI score0.00027EPSS

Exploits0References18

NVD•added 2026/04/17 4:16 a.m.•2 views

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

6.5CVSS0.00015EPSS

Exploits0References8

Positive Technologies•added 2026/04/17 12:0 a.m.•1 views

PT-2026-33399

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTR OVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The post edit action handler in Actions.php passes...

6.5CVSS5.8AI score0.00015EPSS

Exploits0References9

Circl•added 2026/04/16 8:0 p.m.•3 views

CVE-2026-21719

creationtimestamp| type| source ---|---|--- 2026-04-16 20:00:00+00:00| seen| https://jvn.jp/en/jp/JVN78422311 2026-04-17 06:00:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116418519259243532 2026-04-17 06:00:31+00:00| seen|...

8.6CVSS7.1AI score0.00253EPSS

Exploits0References5

Circl•added 2026/04/16 1:15 p.m.•2 views

CVE-2026-6414

creationtimestamp| type| source ---|---|--- 2026-04-16 13:15:27+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mjmik2cvw22a 2026-04-16 13:36:32+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mjmjpo4gfc2n 2026-04-16 14:58:59+00:00| seen|...

5.9CVSS5.7AI score0.00016EPSS