CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11966 matches found

EUVD•added 2026/01/09 10:4 a.m.•3 views

EUVD-2026-1768

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

7.1CVSS6.2AI score0.0028EPSS

Exploits0References4

EUVD•added 2026/01/09 9:59 a.m.•4 views

EUVD-2026-1758

This vulnerability allows authenticated attackers to execute commands via the hostname of the device...

10CVSS6.7AI score0.00361EPSS

Exploits0References2

EUVD•added 2026/01/09 9:19 a.m.•7 views

EUVD-2026-1762

The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the wppumend shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00191EPSS

Exploits0References4

EUVD•added 2026/01/09 8:20 a.m.•4 views

EUVD-2026-1774

The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes tags while allowing other XSS vectors such as event handlers onload,...

6.4CVSS4.3AI score0.00188EPSS

Exploits0References5

EUVD•added 2026/01/09 7:57 a.m.•3 views

EUVD-2026-1777

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

7.6CVSS6.2AI score0.00291EPSS

Exploits0References3

EUVD•added 2026/01/09 7:53 a.m.•2 views

EUVD-2026-1781

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

8.8CVSS6.3AI score0.00707EPSS

Exploits1References3

EUVD•added 2026/01/09 7:22 a.m.•4 views

EUVD-2026-1782

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

9.1CVSS5AI score0.00353EPSS

Exploits0References3

EUVD•added 2026/01/09 6:34 a.m.•2 views

EUVD-2026-1802

The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...

5.3CVSS5.5AI score0.00318EPSS

Exploits0References3

EUVD•added 2026/01/09 6:34 a.m.•3 views

EUVD-2026-1792

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fh fingerprint parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it...

7.2CVSS4.8AI score0.00247EPSS

Exploits0References3

EUVD•added 2026/01/09 6:34 a.m.•4 views

EUVD-2026-1805

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

5.3CVSS5.1AI score0.0028EPSS

Exploits0References3

EUVD•added 2026/01/09 6:34 a.m.•3 views

EUVD-2026-1801

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listenforcsvexport' function. This is due to the plugin not properly verifying that a user is authorized to...

5.3CVSS5.3AI score0.00262EPSS

Exploits0References3

EUVD•added 2026/01/09 6:34 a.m.•3 views

EUVD-2026-1794

The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS4.6AI score0.00199EPSS

Exploits0References3

EUVD•added 2026/01/09 6:31 a.m.•4 views

EUVD-2026-1809

Not used...

6.4AI score

Exploits0References1

EUVD•added 2026/01/09 6:31 a.m.•3 views

EUVD-2026-1811

Not used...

6.4AI score

Exploits0References1

EUVD•added 2026/01/09 6:17 a.m.•3 views

EUVD-2026-1790

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

5.1CVSS6.6AI score0.00145EPSS

Exploits0References2

EUVD•added 2026/01/09 6:15 a.m.•10 views

EUVD-2026-1798

Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code...

6.7CVSS6.7AI score0.00159EPSS

Exploits0References2

EUVD•added 2026/01/09 2:24 a.m.•4 views

EUVD-2026-1815

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory...

4.3CVSS6.5AI score0.00223EPSS

Exploits0References2

EUVD•added 2026/01/09 12:30 a.m.•2 views

EUVD-2026-1820

EUVD-2026-1820...

2.3CVSS6.4AI score0.00335EPSS

Exploits0References3

EUVD•added 2026/01/09 12:30 a.m.•3 views

EUVD-2026-1817

EUVD-2026-1817...

6.5CVSS6.4AI score0.09953EPSS

Exploits1References7