CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/06/04 12:0 p.m.•6 views

ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +19 more potentially affected by unknown CVE via pqcrypto-falcon (>=0.2.10 <=0.4.1)

pqcrypto-falcon CARGO version =0.2.10, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.12.2, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0165...

5.5AI score

Positive Technologies•added 2026/06/04 12:0 a.m.•8 views

PT-2026-49127

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.3AI score

Exploits0References4

Microsoft CVE•added 2026/05/16 8:4 a.m.•17 views

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

...

8.8CVSS5.8AI score0.00284EPSS

OSV•added 2026/05/12 3:49 a.m.•3 views

MINI-P52Q-X3PF-5PQ5

Bulletin has no description...

6.1CVSS5.7AI score0.00314EPSS

RedhatCVE•added 2026/03/26 3:10 p.m.•5 views

CVE-2026-1397

The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...

Patchstack•added 2026/03/23 7:27 p.m.•7 views

Exploits0References1

WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability

WordPress PQ Addons - Creative Elementor Widgets plugin = 1.0.0 - Authenticated Contributor+ Stored Cross-Site Scripting via Widget Attributes vulnerability discovered by WordFence in WordPress Plugin PQ Addons – Creative Elementor Widgets versions = 1.0.0...

6.4CVSS5.8AI score0.00193EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•4 views

EUVD-2026-14153

NVD•added 2026/03/21 4:16 a.m.•7 views

Exploits0References6

CVE-2026-1397

6.4CVSS0.00193EPSS

Vulnrichment•added 2026/03/21 3:27 a.m.•1 views

CVE-2026-1397 PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes

CVE•added 2026/03/21 3:27 a.m.•7 views

CVE-2026-1397

Summary: The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) via widget attributes in all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping on the html_tag parameter in the PQ Section ...

ATTACKERKB•added 2026/03/21 3:27 a.m.•3 views

CVE-2026-1397

Cvelist•added 2026/03/21 3:27 a.m.•28 views

Exploits0References6

CVE-2026-1397 PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes

6.4CVSS0.00193EPSS

Positive Technologies•added 2026/03/21 12:0 a.m.•12 views

PT-2026-26810

The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the html tag parameter in the PQ Section Title widget. This...

CNNVD•added 2026/03/21 12:0 a.m.•5 views

Exploits0References6

WordPress plugin PQ Addons – Creative Elementor Widgets 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00193EPSS

Github Security Blog•added 2026/02/18 10:33 p.m.•12 views

uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120

The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...

5.5AI score

Exploits0References4Affected Software1

OSV•added 2026/02/18 10:33 p.m.•7 views

GHSA-RRXV-PMQ9-X67R uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120

2.3CVSS5.5AI score

Exploits0References4

CVE•added 2025/12/27 7:21 p.m.•41 views

CVE-2025-14180

CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...

8.2CVSS6.5AI score0.00573EPSS

Exploits2References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2021-32226

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00828EPSS

Exploits0References1

Krebs on Security•added 2025/09/11 5:40 p.m.•10 views

Bulletproof Host Stark Industries Evades EU Sanctions

In May 2025, the European Union levied financial sanctions on the owners ofStark Industries Solutions Ltd. , a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But ne...

7AI score