CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

Cvelist•added 2026/05/15 4:13 p.m.•33 views

CVE-2026-41258 OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

9.1CVSS0.00057EPSS

Exploits0References1

Positive Technologies•added 2026/05/04 12:0 a.m.•3 views

PT-2026-36946

Name of the Vulnerable Software and Affected Versions openmrs-api versions prior to 2.7.9 openmrs-api versions prior to 2.8.6 Description Server-side template injection SSTI occurs via Velocity, which allows for remote code execution RCE. SSTI is a flaw where an attacker can inject malicious code...

9.1CVSS6.5AI score0.00057EPSS

Exploits0References12

RedhatCVE•added 2026/03/27 10:51 p.m.•4 views

CVE-2026-33486

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...

6.8CVSS5.9AI score0.00014EPSS

Exploits1References1

NVD•added 2026/03/25 5:16 p.m.•2 views

CVE-2026-25327

Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through = 2.7.9...

6.5CVSS0.00057EPSS

Exploits0References1

Positive Technologies•added 2026/03/25 12:0 a.m.•0 views

PT-2026-27899

Name of the Vulnerable Software and Affected Versions Rustaurius Five Star Restaurant Reservations versions through 2.7.9 Description An authorization issue exists in Rustaurius Five Star Restaurant Reservations restaurant-reservations, allowing exploitation due to incorrectly configured access...

6.5CVSS5.9AI score0.00057EPSS

Exploits0References3

Patchstack•added 2026/03/23 2:28 p.m.•2 views

WordPress Five Star Restaurant Reservations plugin <= 2.7.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.9...

6.5CVSS5.8AI score0.00057EPSS

Exploits0Affected Software1

EUVD•added 2026/03/13 9:31 p.m.•0 views

EUVD-2026-11808

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

5.8AI score0.00042EPSS

Exploits0References2

NVD•added 2026/03/13 7:54 p.m.•1 views

CVE-2026-32332

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

5.3CVSS0.00042EPSS

Exploits0References1

Cvelist•added 2026/03/13 11:41 a.m.•22 views

CVE-2026-32332 WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

5.3CVSS0.00042EPSS

Exploits0References1

ATTACKERKB•added 2026/03/13 11:41 a.m.•0 views

CVE-2026-32332

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

5.8AI score0.00042EPSS

Exploits0References2

NVD•added 2026/01/23 3:16 p.m.•3 views

CVE-2026-24583

Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through = 2.7.9...

5.3CVSS0.00077EPSS

Exploits0References1

ATTACKERKB•added 2026/01/23 2:28 p.m.•1 views

CVE-2026-24583

5.3CVSS5.9AI score0.00077EPSS

Exploits0References2

CVE•added 2026/01/23 2:28 p.m.•5 views

CVE-2026-24583

CVE-2026-24583 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin SumUp Payment Gateway For WooCommerce, affecting versions through 2.7.9. The issue stems from incorrectly configured access control security levels, enabling unauthorized access to certain oper...

5.3CVSS5.4AI score0.00077EPSS

Exploits0References1

Positive Technologies•added 2026/01/23 12:0 a.m.•1 views

PT-2026-4421

Name of the Vulnerable Software and Affected Versions SumUp Payment Gateway For WooCommerce versions through 2.7.9 Description The SumUp Payment Gateway For WooCommerce has a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access...

5.3AI score0.00077EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 9:28 a.m.•1 views

CVE-2023-49833

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9...

6.5CVSS6.7AI score0.00124EPSS

Exploits0References1

CNNVD•added 2025/05/19 12:0 a.m.•1 views

WordPress plugin Exclusive Addons Elementor 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin...

5.9CVSS5.4AI score0.0017EPSS

Exploits0References1

Positive Technologies•added 2025/02/15 12:0 a.m.•1 views

PT-2025-6498 · WordPress · Directorypress Frontend

Name of the Vulnerable Software and Affected Versions: DirectoryPress Frontend plugin for WordPress versions up to, and including, 2.7.9 Description: The issue is due to missing or incorrect nonce validation on the dpfl listingStatusChange function, making it possible for unauthenticated attacker...

4.3CVSS9.4AI score0.00077EPSS

Exploits0References8

Patchstack•added 2025/02/14 10:34 p.m.•2 views

WordPress DirectoryPress Frontend plugin <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update vulnerability

Cross-Site Request Forgery to Listing Status Update vulnerability discovered by incognito in WordPress Plugin DirectoryPress Frontend versions = 2.7.9...

4.3CVSS7AI score0.00077EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/11/04 11:29 p.m.•12 views

CVE-2023-34443 Cross-site Scripting vulnerability in the run_query.php page in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting XSS are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this...

8.8CVSS0.00179EPSS

Exploits0References2

Positive Technologies•added 2024/11/04 12:0 a.m.•1 views

PT-2024-12483 · Comodo · Combodo Itop

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.9 Combodo iTop versions prior to 3.0.4 Combodo iTop versions prior to 3.1.0 Description: The issue is related to a Cross-site Scripting XSS vulnerability in Combodo iTop, a web-based IT Service Management...

8.8CVSS6.2AI score0.00179EPSS

Exploits0References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by