CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

199 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•0 views

Astra Linux - уязвимость в openjdk-11

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, part of the Oracle Java SE product suite component: Networking. The versions affected include Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for...

6.1CVSS6.5AI score0.00016EPSS

Exploits0References2

NVD•added 2026/05/17 1:16 p.m.•7 views

CVE-2018-25334

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS0.00015EPSS

Exploits0References3

ATTACKERKB•added 2026/05/17 12:12 p.m.•6 views

CVE-2018-25334

5.4CVSS5.8AI score0.00015EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/17 12:12 p.m.•36 views

CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter

5.4CVSS0.00015EPSS

Exploits0References3

CVE•added 2026/05/17 12:12 p.m.•9 views

CVE-2018-25334

CVE-2018-25334 concerns Zechat 1.5 with a Cross-Site Request Forgery (CSRF) vulnerability that can bypass anti-CSRF protections via the hashtag parameter, enabling an attacker to induce unauthorized changes to user data. The root cause is described as exploitation of a CSRF token mechanism when a...

5.4CVSS5.8AI score0.00015EPSS

Exploits0References3

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-37681

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS6.2AI score0.00246EPSS

Exploits0References8

CNNVD•added 2026/03/13 12:0 a.m.•2 views

WordPress plugin Social Icons Widget & Block by WPZOOM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00042EPSS

Exploits0References5

CNNVD•added 2026/03/07 12:0 a.m.•3 views

WordPress plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI 安全漏洞

4.3CVSS5.8AI score0.00015EPSS

Exploits0References7

CNNVD•added 2026/03/04 12:0 a.m.•2 views

WordPress plugin Seraphinite Accelerator 安全漏洞

4.3CVSS5.8AI score0.00013EPSS

Exploits0References5

CNNVD•added 2026/03/04 12:0 a.m.•3 views

WordPress plugin Gutena Forms 安全漏洞

6.5CVSS5.8AI score0.00013EPSS

Exploits0References3

CNNVD•added 2026/02/19 12:0 a.m.•4 views

WordPress plugin ACF Photo Gallery Field 安全漏洞

4.3CVSS5.8AI score0.0004EPSS

Exploits0References4

Positive Technologies•added 2026/02/18 12:0 a.m.•4 views

PT-2026-20222

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax change ticket status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attacker...

4.3CVSS5.5AI score0.00012EPSS

Exploits0References4

CNNVD•added 2026/02/18 12:0 a.m.•3 views

WordPress plugin Tickera – Sell Tickets & Manage Events 安全漏洞

4.3CVSS5.8AI score0.00012EPSS

Exploits0References3

Positive Technologies•added 2026/02/07 12:0 a.m.•2 views

PT-2026-6885

Name of the Vulnerable Software and Affected Versions The Bucketlister plugin for WordPress versions up to and including 0.1.5 Description The software contains a flaw that allows unauthorized modification of data. This is due to a missing capability check on the bucketlister do admin ajax...

4.3CVSS5.4AI score0.00039EPSS

Exploits0References4

CNNVD•added 2026/01/28 12:0 a.m.•1 views

WordPress plugin Rupantorpay has a security vulnerability

5.3CVSS5.8AI score0.00146EPSS

Exploits0References3

CNNVD•added 2026/01/24 12:0 a.m.•1 views

WordPress plugin Meta-box GalleryMeta has a security vulnerability

4.3CVSS5.8AI score0.00045EPSS

Exploits0References4

CNNVD•added 2026/01/23 12:0 a.m.•1 views

Ruoyi security vulnerabilities

Ruoyi is a backend management system developed by Ruoyi’s individual developer. The Ruoyi v4.8.2 version has a security vulnerability, which stems from improper access control in the update function. This vulnerability could allow unauthorized attackers to modify data beyond its intended scope...

9.1CVSS5.8AI score0.00021EPSS

Exploits1References4

OSV•added 2026/01/20 10:15 p.m.•1 views

UBUNTU-CVE-2026-21947

Vulnerability in Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human...

3.1CVSS5.8AI score0.00065EPSS

Exploits0References3

CNNVD•added 2026/01/20 12:0 a.m.•1 views

WordPress plugin NotificationX has a security vulnerability

4.3CVSS5.8AI score0.00045EPSS

Exploits0References3

CNNVD•added 2026/01/16 12:0 a.m.•1 views

WordPress plugin Rede Itaú for WooCommerce: Access control error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by