CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/18 3:41 a.m.•29 views

CVE-2026-10023 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers

4.3CVSS0.0025EPSS

EUVD•added 2026/06/18 3:41 a.m.•9 views

EUVD-2026-37835

4.3CVSS5.6AI score0.0025EPSS

CVE•added 2026/06/18 3:41 a.m.•25 views

CVE-2026-10023

Dok an: AI Powered WooCommerce Marketplace Solution

4.3CVSS5.7AI score0.0025EPSS

EUVD•added 2026/06/17 6:35 p.m.•8 views

EUVD-2025-210250

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS5.7AI score0.00383EPSS

NVD•added 2026/06/17 2:17 p.m.•7 views

CVE-2025-59554

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS0.00383EPSS

Cvelist•added 2026/06/17 12:47 p.m.•26 views

CVE-2025-59554 WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS0.00383EPSS

Cvelist•added 2026/06/16 7:27 p.m.•13 views

CVE-2026-46807

...

9.8CVSS0.00518EPSS

CVE•added 2026/06/16 7:27 p.m.•8 views

CVE-2026-46806

Technical details (affected product, component, version, root cause or remediation) are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE feeds.

8.2CVSS5.2AI score0.00317EPSS

Exploits0References1Affected Software1

Microsoft CVE•added 2026/06/16 2:14 a.m.•11 views

Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.2AI score0.0023EPSS

Exploits0

GithubExploit•added 2026/06/15 9:35 a.m.•61 views

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

5.4AI score

Exploits0

EUVD•added 2026/06/12 8:57 p.m.•9 views

EUVD-2026-36589

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS5.3AI score0.0021EPSS

NVD•added 2026/06/12 7:16 p.m.•15 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.0033EPSS

Cvelist•added 2026/06/12 6:3 p.m.•34 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

9.8CVSS0.0033EPSS

OSV•added 2026/06/12 12:28 p.m.•6 views

OESA-2026-2680 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, ...

5.9CVSS5.3AI score0.00218EPSS

NVD•added 2026/06/11 12:16 p.m.•15 views

CVE-2022-47150

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS0.00113EPSS