CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

CVE-2026-9185

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00075EPSS

Exploits0References1

EUVD•added 4 days ago•6 views

EUVD-2026-35307

7.5CVSS5.5AI score0.00075EPSS

Exploits0References11

SUSE CVE•added 2026/05/26 1:52 a.m.•15 views

SUSE CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

7.5CVSS5.6AI score0.00052EPSS

Exploits1References3

RedhatCVE•added 2026/05/25 7:38 a.m.•13 views

CVE-2026-42268

A flaw was found in ModSecurity, an open-source web application firewall WAF. This vulnerability occurs when an administrator configures a rule that uses @verifySSN, @verifyCPF, or @verifySVNR functions. An unhandled exception, specifically an unsigned integer underflow, can lead to a denial of...

8.2CVSS5.7AI score0.00052EPSS

Exploits1References4

CVE•added 2026/05/12 9:40 p.m.•14 views

CVE-2026-42268

ModSecurity (libmodsecurity3) versions 3.0.0–3.0.14 expose an unhandled std::out_of_range exception caused by an unsigned integer underflow when using the operators @verifySSN, @verifyCPF, or @verifySVNR. The vulnerability affects the WAF engine for Apache, IIS, and Nginx and is fixed in 3.0.15. ...

8.2CVSS5.6AI score0.00052EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/05/01 12:0 a.m.•3 views

PT-2026-36537

Name of the Vulnerable Software and Affected Versions libModSecurity3 versions prior to 3.0.15 Description A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...

8.2CVSS5.8AI score0.00057EPSS

Exploits0References11

HackRead•added 2024/11/20 6:42 p.m.•9 views

US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data

Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…...

7.3AI score

Exploits0

OSSF Malicious Packages•added 2024/07/27 3:2 a.m.•3 views

Malicious code in ent-widget-ssn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d56160353925d7d4c18c2e8cc517fa031138c0b57634f16503d9db72ccbb6087 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score

Exploits0References1

OSV•added 2024/07/27 3:2 a.m.•4 views

MAL-2024-7818 Malicious code in ent-widget-ssn (npm)

7AI score

Exploits0References1

Malwarebytes•added 2024/04/12 4:20 p.m.•12 views

How to change your Social Security Number

After seeing their Social Security Number SSN leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN. The good news is that even though it’s a challenging process, it is possible. But if youve ever had to abandon an email address that you used for years,...

6.8AI score

Exploits0

Malwarebytes•added 2024/04/11 7:33 p.m.•31 views

How to check if your data was exposed in the AT&T breach

AT&T has notified US state authorities and regulators about its recent or not data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data of...

7.1AI score

Exploits0

Kitploit•added 2023/12/27 11:30 a.m.•39 views

BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes

Little AV/EDR Evasion Lab for training & learning purposes. ️ under construction.. | | | | | | \ / \ / | | | | | \ / / | | | | | | | | | | | | | | | | | | ' \ / \ | | | /\ \ | | || || | | || | | | | | | | | / |/||/| ||/|| \ /|| || || ||| | / | | | | | | |/| |/ | '| |/ / \ | | | | | | | |...

7.6AI score

Exploits0References2

Krebs on Security•added 2023/11/28 3:57 p.m.•18 views

ID Theft Service Resold Access to USInfoSearch Data

One of the cybercrime undergrounds more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram...

6.9AI score

Exploits0

Malwarebytes•added 2023/11/13 10:8 p.m.•20 views

State of Maine data breach impacts 1.3 million people

The US State of Maine says it has suffered a data breach impacting around 1.3 million people. According to the census from July 2022, thats more or less the the entire population of Maine. The State of Maine says it was compromised via a known vulnerability in secure transfer service MOVEit...

7.1AI score

Exploits0

Imperva Blog•added 2023/10/09 4:31 p.m.•31 views

How to Protect Against Data Lake Hacking

Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...

7.3AI score

Exploits0

Krebs on Security•added 2023/04/18 8:59 p.m.•17 views

Giving a Face to the Malware Proxy Service ‘Faceless’

For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post...

6.8AI score

Exploits0

ThreatPost•added 2021/10/15 5:44 p.m.•59 views

Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak

The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency’s site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. The newspaper verified its findings with...

6.4AI score

Exploits0References8

HackRead•added 2021/08/20 12:10 a.m.•13 views

AT&T breach? ShinyHunters selling AT&T database with 70 million SSN

By Waqas In a post published on an infamous hacker forum and marketplace Raid Forums, ShinyHunters is offering the database for starting price of $200k. This is a post from HackRead.com Read the original post: AT&T breach? ShinyHunters selling AT&T database with 70 million SSN...

2.4AI score

Exploits0

Krebs on Security•added 2021/08/18 4:24 p.m.•39 views

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and drivers license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after million...

6.8AI score

Exploits0

CVE•added 2021/05/06 11:0 p.m.•44 views

CVE-2021-32077

CVE-2021-32077 – VerityStream MSOW Solutions : A information disclosure vulnerability affects versions prior to 3.1.1, allowing an anonymous user to brute-force a (sometimes hidden) search field where the last four SSN digits are included in the supported selectors. This enables disclosure of doc...

7.5CVSS7.4AI score0.0036EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by