1897 matches found
Piwigo 13.7.0 - SQL Injection
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...
Malicious code in mcp-server-git (npm)
Source: amazon-inspector 4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed package.json declares postinstall: node index.js. On every npm install, index.js lines 14-29 reads os.hostname, process.cwd, os.platform, the npm...
Malicious code in mcp-server-redis (npm)
Source: amazon-inspector 2c31b47d009efb7e10d0b41e71923fcfefa90a45895db0ec02bc6c8f1fee1c86 Package squats the unscoped npm name mcp-server-redis commonly invoked via npx mcp-server-redis by MCP/AI tooling looking for the official scoped Red...
CVE-2026-43938
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...
CVE-2026-7635
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
CVE-2026-7634
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-34457
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an auth_request-style integration such as nginx auth_request and either...
CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log
Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...
Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...
CVE-2026-46364
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
CVE-2026-7634 SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
EUVD-2026-32729
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-7634
Technical details are not publicly available in the provided documents. Monitor for updates.
PT-2026-44203
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress plugin SlimStat Analytics cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...
MGASA-2026-0150 Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...