Lucene search

161314 matches found

Vulnrichment
added 2026/06/09 3:41 a.m., 7 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init function hooked to admin_init, which saves plugin settings zoom-level, focus-lat, focus-lng, sel_places, sel_routes v...

CVSS 6.1, AI score 5.5, EPSS 0.00119
Exploits: 0, References: 4
CVE
added 2026/06/09 3:41 a.m., 14 views

CVE-2026-8907

CVE-2026-8907 affects the WordPress plugin WP-Ultimate-Map (versions ≤ 1.1). The root cause is missing nonce validation on the process_init() handler (hooked to admin_init), which saves settings (zoom-level, focus-lat, focus-lng, sel_places, sel_routes) based solely on a save-setting POST paramet...

CVSS 6.1, AI score 5.5, EPSS 0.00119
Exploits: 0, References: 4
EUVD
added 2026/06/09 3:41 a.m., 6 views

EUVD-2026-35302

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

CVSS 5.3, AI score 5.6, EPSS 0.00273
Exploits: 0, References: 4
Vulnrichment
added 2026/06/09 3:41 a.m., 5 views

CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Incorrect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

CVSS 5.3, AI score 5.6, EPSS 0.00273
Exploits: 0, References: 4
Cvelist
added 2026/06/09 3:41 a.m., 28 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

CVSS 4.3, EPSS 0.00128
Exploits: 0, References: 5
Vulnrichment
added 2026/06/09 3:41 a.m., 5 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

CVSS 4.3, AI score 5.4, EPSS 0.00128
Exploits: 0, References: 5
NVD
added 2026/06/09 1:16 a.m., 7 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability. This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

CVSS 4.3, EPSS 0.00109
Exploits: 0, References: 2
NVD
added 2026/06/09 1:16 a.m., 11 views

CVE-2026-27671

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

CVSS 9.8, EPSS 0.00402
Exploits: 0, References: 2
EUVD
added 2026/06/09 12:33 a.m., 6 views

EUVD-2026-35217

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.5, EPSS 0.00151
Exploits: 0, References: 3
EUVD
added 2026/06/09 12:33 a.m., 7 views

EUVD-2026-35223

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

AI score 5.5, EPSS 0.00195
Exploits: 0, References: 3
EUVD
added 2026/06/09 12:33 a.m., 10 views

EUVD-2026-35258

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

AI score 5.4, EPSS 0.00225
Exploits: 0, References: 3
EUVD
added 2026/06/09 12:33 a.m., 6 views

EUVD-2026-35276

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

AI score 5.5, EPSS 0.00221
Exploits: 0, References: 3
EUVD
added 2026/06/09 12:33 a.m., 5 views

EUVD-2026-35266

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

AI score 5.5, EPSS 0.0019
Exploits: 0, References: 3
Vulnrichment
added 2026/06/09 12:21 a.m., 5 views

CVE-2026-44755 Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability. This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

CVSS 4.3, AI score 5.5, EPSS 0.00109
Exploits: 0, References: 2
CVE
added 2026/06/09 12:21 a.m., 23 views

CVE-2026-44755

CVE-2026-44755 affects SAP Business Objects Business Intelligence Platform. The issue arises from insufficient validation of email sending parameters by authenticated users, enabling email spoofing. Impact is described as low for integrity and no impact on confidentiality or availability (CVSS v3...

CVSS 4.3, AI score 5.5, EPSS 0.00109
Exploits: 0, References: 2
CVE
added 2026/06/09 12:20 a.m., 91 views

CVE-2026-27671

Technical details about CVE-2026-27671 are not publicly available in the provided documents. Monitor for updates from SAP/security advisories.

CVSS 9.8, AI score 5.5, EPSS 0.00402
Exploits: 0, References: 2
Vulnrichment
added 2026/06/09 12:20 a.m., 4 views

CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

CVSS 9.8, AI score 5.5, EPSS 0.00402
Exploits: 0, References: 2
NVD
added 2026/06/09 12:16 a.m., 7 views

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, EPSS 0.00151
Exploits: 0, References: 2
NVD
added 2026/06/09 12:16 a.m., 11 views

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, EPSS 0.00151
Exploits: 0, References: 2
NVD
added 2026/06/09 12:16 a.m., 5 views

CVE-2026-11676

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, EPSS 0.00221
Exploits: 0, References: 2