Lucene search

13 matches found

CNNVD
added 2026/05/20 12:0 a.m., 3 views

WordPress plugin os-diagnosis-generator cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4, AI score 5.8, EPSS 0.00063
Exploits 0, References 1
CVE
added 2026/03/21 3:26 a.m., 4 views

CVE-2026-1392

CVE-2026-1392: The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1 due to missing nonce validation on the sr_minify_html_theme() function. This allows unauthenticated attackers to update plugin settings by convincing a si...

CVSS 4.3, AI score 5.7, EPSS 0.00016
Exploits 0, References 3
RedhatCVE
added 2025/11/12 3:46 a.m., 5 views

CVE-2025-12637

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8, AI score 7.3, EPSS 0.00196
Exploits 0, References 1
EUVD
added 2025/10/24 6:31 p.m., 10 views

EUVD-2025-35886

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function...

CVSS 7.6, AI score 6.6, EPSS 0.00075
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-27374

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.01953
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2009-3751

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00404
Exploits 0, References 8
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-11804

Malicious code in bioql PyPI...

CVSS 7.6, AI score 6.6, EPSS 0.01291
Exploits 1, References 3
Cvelist
added 2025/04/17 12:0 a.m., 9 views

CVE-2025-29457

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

EPSS 0.01291
Exploits 1, References 2
CVE
added 2024/07/17 12:0 a.m., 78 views

CVE-2024-40420

CVE-2024-40420 is rejected/not used and does not represent an active vulnerability entry.

AI score 7.8
Exploits 0
Cvelist
added 2024/07/17 12:0 a.m., 12 views

CVE-2024-40420

...

Exploits 0
Prion
added 2021/10/11 7:15 p.m., 8 views

Remote code execution

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/Theme Folder", where an attacker can access and execute arbitrary code...

CVSS 6.5, AI score 7.5, EPSS 0.01953
Exploits 1, References 1, Affected Software 1
CNNVD
added 2021/10/11 12:0 a.m., 1 views

PHPFusion code issue vulnerability

PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious PHP code or PHP files into a zip file and uploading it to the...

CVSS 7.2, AI score 7.9, EPSS 0.01953
Exploits 1, References 1
OSV
added 2021/09/28 2:15 p.m., 2 views

CVE-2021-34636

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the savetheme function found in the /includes/admin/coundownthemepage.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up t...

CVSS 8.8, AI score 5.8, EPSS 0.00109
Exploits 0, References 2