CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 4 days ago•7 views

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00059EPSS

Tenable Nessus•added 6 days ago•2 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : MediaWiki vulnerabilities (USN-8315-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8315-1 advisory. It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated...

7.5CVSS5.8AI score0.00038EPSS

Ubuntu•added 2026/05/27 8:39 a.m.•7 views

USN-8315-1: MediaWiki vulnerabilities

It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. CVE-2026-34087 It was discovered that MediaWiki incorrectly handled...

7.5CVSS5.8AI score0.00038EPSS

Exploits0

OSV•added 2026/05/27 8:39 a.m.•3 views

USN-8315-1 mediawiki vulnerabilities

7.5CVSS5.8AI score0.00038EPSS

CNNVD•added 2026/05/26 12:0 a.m.•4 views

vowpal_wabbit 安全漏洞

vowpalwabbit is an open-source fast online machine learning system developed by Vowpal Wabbit. There is a security vulnerability in vowpalwabbit, which stems from directly embedding PR titles into bash strings within the workflow. This could lead to arbitrary command execution...

9.9CVSS5.9AI score0.00045EPSS

Exploits1References3

NVD•added 2026/05/22 5:16 a.m.•6 views

CVE-2026-9104

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS0.00084EPSS

CVE•added 2026/05/22 3:39 a.m.•10 views

CVE-2026-9104

The CVE concerns the Draft List plugin for WordPress, affecting all versions up to 2.6.3. It describes a Stored Cross-Site Scripting (XSS) vulnerability in draft post titles caused by insufficient input sanitization and output escaping. Exploitation requires at least author-level access; authenti...

Vulnrichment•added 2026/05/22 3:39 a.m.•3 views

CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title

EUVD•added 2026/05/22 3:39 a.m.•4 views

EUVD-2026-31405

EUVD•added 2026/05/22 12:31 a.m.•4 views

EUVD-2026-31358

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information. The Concrete CMS security te...

6.3CVSS5.8AI score0.00031EPSS

Exploits0References2

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42730