292 matches found
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...
Security Bulletin: Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP
Summary: Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...
BIT-JAVA-MIN-2020-2755
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2026-30855
WeKnora exposes a broken access control in its tenant management endpoints, enabling any authenticated user to read, modify, or delete tenants by ID without ownership checks. The policy bypass affects endpoints like GET /api/v1/tenants, GET /api/v1/tenants/{id}, PUT /api/v1/tenants/{id}, and DELE...
Cisco Secure Firewall Threat Defense and Cisco IOS XE Software Security Vulnerability
Cisco Secure Firewall Threat Defense and Cisco IOS XE Software are both products of the American company Cisco. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco IOS XE Software is a network operating system. Both Cisco Secure Firewall Threat Defense and Cisco IOS XE...
PT-2026-2827
Name of the Vulnerable Software and Affected Versions WordPress List Site Contributors plugin versions up to and including 1.1.8 Description The List Site Contributors plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input sanitization and output...
CVE-2019-2668
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: Print Server. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2022-23438
An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the captive portal authenticatio...
PT-2025-49343
The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplp api update text' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via ...
EUVD-2020-24168
Malware in sbrugna...
EUVD-2020-24198
Malware in sbrugna...
EUVD-2021-14375
Malware in sbrugna...
EUVD-2021-0993
Malware in sbrugna...
EUVD-2019-12285
Malware in sbrugna...
EUVD-2016-1700
Malware in sbrugna...
EUVD-2020-5748
Malware in sbrugna...
EUVD-2018-14754
Malware in sbrugna...
EUVD-2021-18957
Malware in sbrugna...
EUVD-2020-24154
Malware in sbrugna...
EUVD-2017-12700
Malware in sbrugna...