CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

298 matches found

Positive Technologies•added 2 days ago•7 views

PT-2026-45707

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add to cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectp add to cart...

6.4CVSS6AI score0.00042EPSS

Exploits0References16

NVD•added 2026/05/27 11:16 a.m.•7 views

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS0.00068EPSS

Exploits0References1

NVD•added 2026/05/27 11:16 a.m.•5 views

CVE-2026-42732

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS0.00068EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•24 views

CVE-2026-42744 WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

6.5CVSS0.00068EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•3 views

CVE-2026-42744 WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

6.5CVSS5.8AI score0.00068EPSS

Exploits0References1

EUVD•added 2026/05/27 9:49 a.m.•3 views

EUVD-2026-32183

6.5CVSS5.8AI score0.00068EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•5 views

CVE-2026-42732 WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability

6.5CVSS5.8AI score0.00068EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•22 views

CVE-2026-42732 WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability

6.5CVSS0.00068EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 9:49 a.m.•4 views

CVE-2026-42732

6.5CVSS5.8AI score0.00068EPSS

Exploits0References2

Snyk•added 2026/05/27 12:47 a.m.•5 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the rsa key exchange process when handling an extremely short premaster secret sent to a server using an RSA key backed by a PKCS11 token. An attacker can access sensitive informatio...

8.8CVSS5.8AI score0.00232EPSS

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43653

6.5CVSS5.8AI score0.00068EPSS

Exploits0References2

OSV•added 2026/05/18 6:7 a.m.•3 views

BIT-GITLAB-2025-14869 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

7.5CVSS5.8AI score0.00035EPSS

Exploits0References4

ATTACKERKB•added 2026/05/15 6:37 p.m.•2 views

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.0005EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/15 6:37 p.m.•28 views

CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals

7.5CVSS0.0005EPSS

Exploits0References1

CVE•added 2026/05/14 5:38 a.m.•6 views

CVE-2025-14869

GitLab CVE-2025-14869 affects GitLab CE/EE versions 18.5–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. It could allow an unauthenticated attacker to cause a denial of service by sending specially crafted payloads to certain API endpoints. CVSSv3.1 base score 7.5 (HIGH), with NETW...

7.5CVSS5.8AI score0.00035EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/14 3:27 a.m.•5 views

EUVD-2026-30218

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00013EPSS

Exploits0References8

CVE•added 2026/05/14 3:27 a.m.•6 views

CVE-2026-7648

The LearnPress WordPress LMS plugin (versions up to 4.3.5) is affected by a payment bypass via a user-controlled parameter in the REST API. In add_to_cart(), unsanitized request parameters are passed via array_merge(), allowing an attacker with subscriber-level access or higher to overwrite hardc...

4.3CVSS5.8AI score0.00013EPSS

Exploits0References8

Cvelist•added 2026/05/14 3:27 a.m.•31 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

4.3CVSS0.00013EPSS

Exploits0References8

Vulnrichment•added 2026/05/14 3:27 a.m.•3 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

4.3CVSS5.8AI score0.00013EPSS

Exploits0References8

Patchstack•added 2026/04/21 10:51 a.m.•4 views

WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Min Max Step Quantity Limits Manager for WooCommerce versions = 5.2.2...

5.8AI score

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by