CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10729 matches found

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS5.9AI score0.23153EPSS

Exploits0References3

Nuclei•added 6 hours ago•18 views

TileServer API - Cross Site Scripting

tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...

6.1CVSS5.5AI score0.05005EPSS

Exploits0References1

Nuclei•added yesterday•43 views

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

9.8CVSS7.9AI score0.94274EPSS

Exploits1References5

Cvelist•added 2 days ago•19 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS0.0006EPSS

Exploits0References9

EUVD•added 2 days ago•4 views

EUVD-2026-33933

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

5.4CVSS5.8AI score0.00025EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-28116

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

5.9CVSS5.8AI score0.00031EPSS

Exploits0References2

Vulnrichment•added 2 days ago•3 views

CVE-2025-68886 WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2026-33924

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

8.1CVSS5.8AI score0.00041EPSS

Exploits0References1

Vulnrichment•added 2 days ago•5 views

CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•5 views

CVE-2026-42669

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

7.5CVSS5.8AI score0.00028EPSS

Exploits0References2

Vulnrichment•added 2 days ago•3 views

CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

7.5CVSS5.8AI score0.00028EPSS

Exploits0References1

NVD•added 2 days ago•5 views

CVE-2025-53302

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS0.00028EPSS

Exploits0References1

CVE•added 2 days ago•11 views

CVE-2025-53302

CVE-2025-53302 in WordPress Theme Constructor (<= 1.6.5) is a Missing Authorization / Broken Access Control issue. Publicly disclosed details indicate unauthenticated access to restricted functionality due to ACL constraints, affecting Constructor versions up to 1.6.5. CVSS v3.1 base score is ...

5.3CVSS5.8AI score0.00028EPSS

Exploits0References1

Cvelist•added 2 days ago•32 views

CVE-2025-52766 WordPress Printeers Print & Ship plugin <= 1.17.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS0.00026EPSS

Exploits0References1

Vulnrichment•added 2 days ago•6 views

CVE-2025-52759 WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

7.1CVSS5.8AI score0.00033EPSS

Exploits0References1

CVE•added 2 days ago•10 views

CVE-2026-3620

CVE-2026-3620 – Word Replacer (WordPress) is vulnerable to Stored Cross-Site Scripting via the replacement parameter in all versions up to 0.4. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with Administrator-level access and above to inje...

4.4CVSS6AI score0.00073EPSS

Exploits0References9

CVE•added 2 days ago•7 views

CVE-2026-4080

The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...

6.4CVSS6AI score0.00042EPSS

Exploits0References15

NVD•added 2 days ago•6 views

CVE-2026-10567

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS0.00043EPSS

Exploits0References9

Tenable Nessus•added 2 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-10199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of t...

4.8CVSS5.2AI score0.00012EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by