CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

896 matches found

WordPress FluentCRM <= 2.9.87 - Unauthenticated Blind SSRF

FluentCRM WordPress plugin = 2.9.87 contains a blind server-side request forgery caused by improper validation of the 'SubscribeURL' parameter, letting unauthenticated attackers make arbitrary web requests, exploit requires unconfigured SES bounce handling key. id: CVE-2026-7798 info: name:...

5.4CVSS5.9AI score0.00878EPSS

Exploits0References3

Nuclei•added 17 hours ago•2 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS7.4AI score0.19324EPSS

Exploits1References2

CVE•added 2 days ago•7 views

CVE-2026-49121

CVE-2026-49121 affects AI Tensor Engine for ROCm (AITER) up to version 0.1.14. The vulnerability exists in the MessageQueue.recv() function in shm_broadcast.py, where an unauthenticated remote attacker can deliver a crafted pickle payload to a ZMQ SUB socket (no authentication, no HMAC, no format...

9.2CVSS6.7AI score0.00245EPSS

Exploits0References3

NVD•added 5 days ago•5 views

CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS0.00038EPSS

Exploits0References4

Vulnrichment•added 5 days ago•4 views

CVE-2026-10068 Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

7.5CVSS6.8AI score0.00038EPSS

Exploits0References4

Cvelist•added 5 days ago•23 views

CVE-2026-10068 Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

7.5CVSS0.00038EPSS

Exploits0References4

CVE•added 5 days ago•6 views

CVE-2026-10068

CVE-2026-10068 affects Shibby Tomato 1.28. The vulnerability lies in the SUBSCRIBE Call Handler’s miniupnpd component, specifically the send function in usr/sbin/miniupnpd, enabling server-side request forgery. The issue can be triggered remotely and is documented as affecting products superseded...

7.5CVSS6.8AI score0.00038EPSS

Exploits0References4

EUVD•added 5 days ago•4 views

EUVD-2026-33345

7.5CVSS5.6AI score0.00038EPSS

Exploits0References4

CNNVD•added 5 days ago•4 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from the send function in the us/sbin/miniupnpd file within the SUBSCRIBE Call Handler component, which involves...

7.5CVSS7.2AI score0.00038EPSS

Exploits0References4

Positive Technologies•added 5 days ago•5 views

PT-2026-44887

7.5CVSS5.6AI score0.00038EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/26 2:1 p.m.•8 views

Malicious code in saturn-bail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a29ae44bbeeb4d31d176d78d669615e7a508bd236620cc3724478100f9b6997 saturn-bail is a Baileys-derivative WhatsApp library that, on every makeWASocket call, schedules a 90-second timer which executes...

5.8AI score

Exploits0References1

ATTACKERKB•added 2026/05/22 7:50 a.m.•4 views

CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00878EPSS

Exploits0References9

Vulnrichment•added 2026/05/22 7:50 a.m.•2 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

5.4CVSS5.8AI score0.00878EPSS

Exploits0References8

EUVD•added 2026/05/22 7:50 a.m.•6 views

EUVD-2026-31418

5.4CVSS5.8AI score0.00878EPSS

Exploits0References8

Cvelist•added 2026/05/22 7:50 a.m.•23 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

5.4CVSS0.00878EPSS

Exploits0References8

Positive Technologies•added 2026/05/22 12:0 a.m.•5 views

PT-2026-42735

5.4CVSS5.8AI score0.00878EPSS

Exploits0References9

OSV•added 2026/05/21 9:36 a.m.•2 views

MAL-2026-4442 Malicious code in @shadowmd/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51bcabb5263ecf1f1259bd5969a921866dbb808da4fda7b9d7708baeb60c21e6 Package name and description impersonate the Open Whisper Systems libsignal-node library. On require, index.js schedules install.js, which locates an...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 9:36 a.m.•4 views

Malicious code in @shadowmd/libsignal-node (npm)

5.8AI score

Exploits0References1

NVD•added 2026/05/11 5:16 p.m.•4 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS0.00012EPSS

Exploits0References2

ATTACKERKB•added 2026/05/11 4:2 p.m.•1 views

CVE-2026-33356

7.7CVSS5.8AI score0.00012EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by