CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/06/18 7:39 p.m.•7 views

CVE-2026-25865

8.5CVSS6.3AI score0.00149EPSS

Exploits0References4

Cvelist•added 2026/06/18 7:39 p.m.•16 views

CVE-2026-25865 Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec

8.5CVSS0.00149EPSS

EUVD•added 2026/06/18 7:39 p.m.•10 views

EUVD-2026-37940

8.5CVSS6.3AI score0.00149EPSS

CVE•added 2026/06/18 7:39 p.m.•18 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS

Positive Technologies•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50532

Name of the Vulnerable Software and Affected Versions Punto Switcher affected versions not specified Description An unquoted-path flaw allows the execution of attacker-placed code at the user's privilege level. This issue occurs during a call made by a signed Windows binary at launch, enabling...

8.5CVSS6.5AI score0.00149EPSS

Exploits0References13

RedhatCVE•added 2026/06/05 7:33 p.m.•11 views

CVE-2026-9241

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS5.4AI score0.00213EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:17 p.m.•9 views

CVE-2026-6456

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

8.8CVSS5.5AI score0.00385EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:16 p.m.•7 views

CVE-2026-42733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...

7.1CVSS5.4AI score0.0018EPSS

Exploits0References1

NVD•added 2026/05/28 5:16 a.m.•18 views

CVE-2026-9241

4.3CVSS0.00213EPSS

Cvelist•added 2026/05/28 3:27 a.m.•31 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

4.3CVSS0.00213EPSS

ATTACKERKB•added 2026/05/28 3:27 a.m.•8 views

CVE-2026-9241

EUVD•added 2026/05/28 3:27 a.m.•8 views

Exploits0References6

EUVD-2026-32703

Vulnrichment•added 2026/05/28 3:27 a.m.•8 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

Positive Technologies•added 2026/05/28 12:0 a.m.•9 views

PT-2026-44181

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the get value function in classes/fixed/fixed user role.php trusting the attacker-controlled $...

CNNVD•added 2026/05/28 12:0 a.m.•9 views

Exploits0References6

WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00213EPSS