CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

218 matches found

CNNVD•added 2026/05/13 12:0 a.m.•4 views

cPanel 安全漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities, which stem from improper permission authorization checks by team...

7.1CVSS5.8AI score0.00009EPSS

Exploits0References1

Patchstack•added 2026/05/01 9:16 a.m.•2 views

WordPress Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin <= 2.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress Team Members – GS Plugins versions = 2.5.8...

6.1CVSS5.8AI score0.00135EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/01 9:16 a.m.•1 views

WordPress Team Members Showcase plugin <= 3.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Team Members versions = 3.3.0...

6.1CVSS5.8AI score0.00135EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/02 12:0 a.m.•1 views

Hoppscotch 跨站脚本漏洞

Hoppscotch is an open-source API development environment created by Hoppscotch. Versions of Hoppscotch prior to 2026.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the display names in tooltips created by team members, which had a storage-based cross-site...

5.4CVSS5.6AI score0.00035EPSS

Exploits0References2

Patchstack•added 2026/02/02 8:38 p.m.•2 views

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Nikolas - mdr in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

6.4CVSS8.3AI score0.00283EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/02 7:24 p.m.•3 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00229EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 11:59 a.m.•5 views

CVE-2018-19621

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team...

6.5CVSS6.8AI score0.00117EPSS

Exploits1References1

RedhatCVE•added 2026/01/06 6:5 p.m.•1 views

CVE-2025-59955

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the /api/v1/teams/teamid/members and /api/v1/teams/current/members API endpoints allows...

7.1CVSS6.2AI score0.00059EPSS

Exploits1References1

Cvelist•added 2026/01/05 5:46 p.m.•23 views

CVE-2025-59955 Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint

7.1CVSS0.00059EPSS

Exploits1References1

CVE•added 2026/01/05 5:46 p.m.•4 views

CVE-2025-59955

Coolify (versions ≤ 4.0.0-beta.420.8) has an information disclosure in /api/v1/teams/{team_id}/members and /api/v1/teams/current/members, allowing authenticated team members to access the email_change_code of other users on the same team. This code is intended for single-use email-change verifica...

7.1CVSS5.8AI score0.00059EPSS

Exploits1References1Affected Software1

EUVD•added 2026/01/05 5:46 p.m.•1 views

EUVD-2025-206247

7.1CVSS5.7AI score0.00059EPSS

Exploits1References1

Vulnrichment•added 2026/01/05 5:46 p.m.•2 views

CVE-2025-59955 Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint

7.1CVSS5.8AI score0.00059EPSS

Exploits1References1

Positive Technologies•added 2026/01/05 12:0 a.m.•1 views

PT-2026-1315

Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.420.8 Description Coolify is a self-hostable tool for managing servers, applications, and databases. The /api/v1/teams/team id/members and /api/v1/teams/current/members API endpoints allow...

7.1CVSS6.3AI score0.00059EPSS

Exploits1References4

Patchstack•added 2025/11/17 10:17 p.m.•4 views

WordPress Team Members Showcase plugin <= 3.4.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Gregory Allegoet in WordPress Plugin Team Members Plugin versions = 3.4.0...

7.1CVSS6.3AI score0.00029EPSS

Exploits0References1Affected Software1

CNVD•added 2025/11/14 12:0 a.m.•2 views

WordPress Team Members Showcase plugin cross-site scripting vulnerability

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

4.8CVSS6AI score0.00029EPSS

Exploits0References1

RedhatCVE•added 2025/11/13 7:11 a.m.•3 views

CVE-2025-11560

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

7.1CVSS6.5AI score0.00029EPSS

Exploits0References1

EUVD•added 2025/11/12 6:30 a.m.•2 views

EUVD-2025-119995

6.1CVSS6AI score0.00029EPSS

Exploits0References2