CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:39 p.m.•6 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.5AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:18 p.m.•8 views

CVE-2026-45211

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS5.6AI score0.00223EPSS

Exploits0References1

NVD•added 2026/05/28 6:16 a.m.•12 views

CVE-2026-7533

4.3CVSS0.00135EPSS

ATTACKERKB•added 2026/05/28 5:30 a.m.•11 views

CVE-2026-7533

Cvelist•added 2026/05/28 5:30 a.m.•35 views

Exploits0References9

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

4.3CVSS0.00135EPSS

Vulnrichment•added 2026/05/28 5:30 a.m.•11 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

CVE•added 2026/05/28 5:30 a.m.•14 views

CVE-2026-7533

The CVE concerns the Easy Digital Downloads WordPress plugin (versions up to and including 3.6.7). The root cause is missing nonce verification in handle_oauth_redirect(), which runs on admin_init and processes Square OAuth tokens from a user-supplied GET parameter without CSRF token validation. ...

EUVD•added 2026/05/28 5:30 a.m.•9 views

EUVD-2026-32725

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44189

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle oauth redirect function, which is registered on the admin init hook and processes Square OAuth tokens fr...

CNNVD•added 2026/05/28 12:0 a.m.•8 views

Exploits0References9

WordPress plugin Easy Digital Downloads 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00135EPSS

Packet Storm News•added 2026/05/22 12:0 a.m.•10 views

An Empirical Evaluation of LLM-Generated Code Security across Prompting Methods

The growing use of Large Language Models LLMs for automated code generation has enhanced software development efficiency, but often at the cost of security. Generated code frequently overlooks critical concerns, leaving it vulnerable to issues such as weak encryption and improper input validation...

5.9AI score

Wired Threat Level•added 2026/05/20 4:24 p.m.•10 views

A New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His Lawyer

Attorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025...

5.8AI score

Vulnrichment•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-8610 TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter

The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score0.00294EPSS

Exploits0References4

CVE•added 2026/05/20 1:25 a.m.•12 views

CVE-2026-8610

The CVE describes an authorization bypass in the TypeSquare Webfonts for ConoHa WordPress plugin up to version 2.0.4. Authenticated users with subscriber-level access (or higher) can modify site-wide font settings by submitting a POST to any wp-admin page, bypassing proper authorization checks. F...

4.3CVSS5.7AI score0.00294EPSS

Exploits0References4

vulnersOsv•added 2026/05/19 7:54 p.m.•4 views

com.squareup.wire:com.squareup.wire.gradle.plugin (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-compiler (>=7.0.0-alpha01 <=7.0.0-alpha02) +11 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=7.0.0-alpha01 <=7.0.0-alpha02)

com.squareup.wire:wire-runtime-jvm MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source...

5.4AI score0.00055EPSS

vulnersOsv•added 2026/05/18 12:31 p.m.•5 views

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.5.2)

sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2026-7304 Source advisory: SNYK:PYTHON-SGLANG-17111815...

9.8CVSS5.4AI score0.00585EPSS

vulnersOsv•added 2026/05/18 12:31 p.m.•5 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-7304 Source advisory: OSV:GHSA-36M8-W8QF-G76P...

9.8CVSS5.4AI score0.00585EPSS