CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

214 matches found

OpenProject < 12.5.4 - Project Identifiers Exposure

OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...

7.5CVSS7.1AI score0.01268EPSS

Exploits0References3

Nuclei•added yesterday•7 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS5.8AI score0.00669EPSS

Exploits0References3

EUVD•added 2 days ago•6 views

EUVD-2026-38167

Capgo before 12.128.2 contains an unauthenticated security definer RPC function getidentityapikeyonly that returns the owning userid for supplied API keys, creating an API key validity oracle and user identity disclosure primitive. Attackers can call this endpoint with valid or invalid API keys t...

8.7CVSS5.9AI score

Exploits0References2

Nuclei•added 5 days ago•21 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7.5AI score0.68846EPSS

Exploits5References2

EUVD•added 6 days ago•7 views

EUVD-2026-37671

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

7.5CVSS5.2AI score0.00303EPSS

Exploits0References2

Patchstack•added 6 days ago•6 views

WordPress Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Umut Can Yurdayardım in WordPress Plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets versions = 1.3.13.1...

5.3CVSS5.3AI score0.0031EPSS

Exploits0References1Affected Software1

Cvelist•added 6 days ago•26 views

CVE-2026-52696 WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS0.00245EPSS

Exploits0References1

CVE•added 6 days ago•12 views

CVE-2026-52696

CVE-2026-52696 concerns the WordPress JetBlog plugin (versions <= 2.4.8) and describes an unauthenticated sensitive data exposure. The entry specifies a CVSS 3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and impact limited to confidentia...

7.5CVSS5.2AI score0.00245EPSS

Exploits0References1

Cvelist•added 6 days ago•26 views

CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

7.5CVSS0.00303EPSS

Exploits0References1

Patchstack•added 6 days ago•5 views

WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability

Unauthenticated Sensitive Information Exposure in 'formid' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions = 3.1.7...

5.3CVSS5.3AI score0.00331EPSS

Exploits0References1Affected Software1