CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 3 days ago•6 views

CVE-2026-5767

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00012EPSS

RedhatCVE•added 3 days ago•6 views

CVE-2026-5141

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3...

8.8CVSS5.4AI score0.00045EPSS

RedhatCVE•added 3 days ago•4 views

CVE-2026-45137

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...

8.2CVSS5.6AI score0.00048EPSS

NVD•added last week•8 views

CVE-2026-45722

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to...

7.1CVSS0.0002EPSS

CNNVD•added 2026/06/01 12:0 a.m.•6 views

Excel MCP Server path traversal vulnerability

Excel MCP Server is an Excel and CSV file reading/writing/analysis tool developed by ishayoyo as a personal project. Versions of Excel MCP Server 1.0.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the filePath/outputPath parameters in...

6.5CVSS6.6AI score0.00057EPSS

Exploits0References6

Vulnrichment•added 2026/05/27 8:52 p.m.•6 views

CVE-2026-45137 Anchor: Program<'info, System> is not properly validated

8.2CVSS5.9AI score0.00048EPSS

EUVD•added 2026/05/27 5:31 a.m.•6 views

EUVD-2026-32083

The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'code' and 'c' shortcode in versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes in the...

6.4CVSS6AI score0.00032EPSS

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin Easy Prism Syntax Highlighter 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00032EPSS

CVE•added 2026/05/26 7:34 p.m.•12 views

CVE-2026-44214

CVE-2026-44214 concerns eventsource-encoder where unsanitized event and id fields can inject SSE line terminators, enabling forged SSE fields/messages. Affects versions prior to 1.0.2; patch released in 1.0.2 that validates/escapes those fields. Public advisories (GHSA, OSV, CVS) describe the imp...

5.8CVSS6AI score0.00015EPSS

Exploits1References1Affected Software1

EUVD•added 2026/05/26 7:34 p.m.•8 views

EUVD-2026-31968

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS5.9AI score0.00015EPSS

Exploits1References1

ATTACKERKB•added 2026/05/26 7:34 p.m.•5 views

CVE-2026-44214

5.8CVSS6AI score0.00015EPSS

Exploits1References2Affected Software1

Patchstack•added 2026/05/26 5:26 p.m.•6 views

WordPress Easy Prism Syntax Highlighter plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Easy Prism Syntax Highlighter versions = 1.0.2...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/22 4:29 a.m.•5 views

CVE-2026-2518

The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultpinstallcallback' and 'ultpactivatecallback' functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers...

CVE•added 2026/05/22 4:29 a.m.•11 views

Exploits0References4

CVE-2026-2518

The CVE-2026-2518 entry concerns the WordPress FastX theme. The vulnerability is due to missing capability checks in two callbacks, ultp_install_callback and ultp_activate_callback, affecting all versions up to and including 1.0.2. This allows authenticated attackers with Subscriber-level access ...

CNNVD•added 2026/05/22 12:0 a.m.•6 views

WordPress plugin FastX theme 安全漏洞

Positive Technologies•added 2026/05/22 12:0 a.m.•10 views

PT-2026-42722

Name of the Vulnerable Software and Affected Versions FastX theme for WordPress versions prior to 1.0.3 Description The FastX theme for WordPress allows authenticated attackers with Subscriber-level access or higher to install and activate the PostX plugin. This is caused by missing capability...