CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/27 4:39 p.m.•4 views

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

7.4CVSS5.8AI score0.00039EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/19 6:45 p.m.•3 views

MAL-2026-4655 Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

OSSF Malicious Packages•added 2026/05/19 6:45 p.m.•8 views

Exploits0References2

Malicious code in qr-code-styling-temp (npm)

HackRead•added 2026/05/17 11:55 a.m.•7 views

Exploits0References2

Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases

Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases...

CNNVD•added 2026/05/13 12:0 a.m.•3 views

MISP modules 信任管理问题漏洞

MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. Prior to version 3.0.7, there were vulnerabilities related to trust management in MISP modules. These vulnerabilities stemm...

5.8CVSS5.9AI score0.00007EPSS

RedhatCVE•added 2026/05/12 2:27 a.m.•5 views

CVE-2026-32834

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS5.9AI score0.00153EPSS

CNNVD•added 2026/05/06 12:0 a.m.•2 views

WordPress plugin Mercado Pago payments for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS6AI score0.00017EPSS

Patchstack•added 2026/05/05 3:16 p.m.•1 views

WordPress Mercado Pago payments for WooCommerce plugin <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability

Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability discovered by Muhammad Sharief in WordPress Plugin Mercado Pago payments for WooCommerce versions = 8.7.11...

5.3CVSS5.8AI score0.00017EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/04 6:16 p.m.•2 views

CVE-2026-32834

8.7CVSS0.00153EPSS

Cvelist•added 2026/05/04 5:40 p.m.•28 views

CVE-2026-41471 Easy PayPal Events & Tickets < 1.4 Information Disclosure via QR Code Endpoint

The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress po...

8.2CVSS0.00188EPSS

Vulnrichment•added 2026/05/04 5:40 p.m.•1 views

CVE-2026-41471 Easy PayPal Events & Tickets < 1.4 Information Disclosure via QR Code Endpoint

8.2CVSS5.8AI score0.00188EPSS

Cvelist•added 2026/05/04 5:39 p.m.•32 views

CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

8.7CVSS0.00153EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в chromium

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code...

6.5CVSS7.1AI score0.00427EPSS

Microsoft Secure•added 2026/04/30 3:0 p.m.•3 views

Email threat landscape: Q1 2026 trends and insights

In this article 1. Tycoon2FA disruption impact 2. QR code phishing attacks 3. CAPTCHA tactics 4. Malicious payloads 5. Business email compromise 6. Defending against email threats 7. Microsoft Defender detections During the first quarter of 2026 January-March, Microsoft Threat Intelligence detect...

6.1AI score

Malwarebytes•added 2026/04/13 7:2 a.m.•4 views

A week in security (April 6 – April 12)

Last week on Malwarebytes Labs: Fake Claude site installs malware that gives attackers access to your computer ClickFix finds a new way to infect Macs Scammers pose as Amazon support to steal your account NSFW app leak exposes 70,000 prompts linked to individual users 30,000 private Facebook imag...

5.7AI score

OSV•added 2026/04/11 3:17 p.m.•0 views

MINI-QR5R-P2QJ-G3FH

Bulletin has no description...

8.2CVSS5.7AI score0.00013EPSS

HackRead•added 2026/03/26 4:21 p.m.•3 views

Quish Splash QR Code Phishing Campaign Hits 1.6 Million Users

7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.6 million emails went undetected...

The Hacker News•added 2026/03/23 10:55 a.m.•1 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score