CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

131 matches found

Cvelist•added 2026/04/08 8:30 a.m.•21 views

CVE-2026-39716 WordPress Flipmart theme <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through = 2.8...

5.3CVSS0.0004EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39716

Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through = 2.8...

5.3CVSS5.9AI score0.0004EPSS

Exploits0References2

OPENSUSE Linux•added 2026/03/31 12:0 a.m.•3 views

gsl-2.8-5.1 on GA media (moderate)

gsl-2.8-5.1 on GA media Announcement ID: openSUSE-SU-2026:10449-1 Rating: moderate Cross-References: CVE-2024-50610 CVSS scores: CVE-2024-50610 SUSE : 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2024-50610 SUSE : 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N Affecte...

5.8CVSS5.9AI score0.00033EPSS

Exploits1

Positive Technologies•added 2026/03/25 12:0 a.m.•0 views

PT-2026-27841

Name of the Vulnerable Software and Affected Versions Jobs for WordPress versions through 2.8 Description An authorization issue exists in BlueGlass Interactive AG Jobs for WordPress job postings. This allows exploitation of incorrectly configured access control security levels. Recommendations...

7.5CVSS5.9AI score0.00017EPSS

Exploits0References3

Positive Technologies•added 2026/03/25 12:0 a.m.•0 views

PT-2026-27864

Name of the Vulnerable Software and Affected Versions Elated-Themes Search & Go versions n/a through 2.8 Description An incorrect privilege assignment issue exists in Elated-Themes Search & Go. This allows for privilege escalation. The issue affects the searchgo component. Recommendations Update ...

9.8CVSS5.9AI score0.00062EPSS

Exploits0References4

RedhatCVE•added 2026/02/21 7:31 p.m.•5 views

CVE-2025-69380

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

7.5CVSS5.5AI score0.00065EPSS

Exploits0References1

Positive Technologies•added 2026/02/11 12:0 a.m.•2 views

PT-2026-7688

Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields...

7.5CVSS5.6AI score0.00033EPSS

Exploits0References4

Cvelist•added 2026/02/03 2:8 p.m.•22 views

CVE-2026-24997 WordPress Wired Impact Volunteer Management plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wired Impact Volunteer Management: from n/a through = 2.8...

5.3CVSS0.00042EPSS

Exploits0References1

CVE•added 2026/02/03 2:8 p.m.•4 views

CVE-2026-24997

CVE-2026-24997 affects Wired Impact Volunteer Management (WordPress plugin) versions prior to 2.9, describing a Missing/Unauthorized Access vulnerability due to incorrectly configured access control. The CVE indicates unauthenticated access (no privileges required) with network attack vector and ...

5.3CVSS5.3AI score0.00042EPSS

Exploits0References1

ATTACKERKB•added 2026/02/03 2:8 p.m.•1 views

CVE-2026-24997

5.3AI score0.00042EPSS

Exploits0References2

OSV•added 2026/01/30 10:11 a.m.•5 views

RHSA-2026:1591 Red Hat Security Advisory: gimp:2.8 security update

Bulletin has no description...

7.8CVSS7.1AI score0.00096EPSS

Exploits1References9

OSV•added 2026/01/30 10:11 a.m.•2 views

RHSA-2026:1574 Red Hat Security Advisory: gimp:2.8 security update

Bulletin has no description...

7.8CVSS7.1AI score0.00096EPSS

Exploits1References9

Patchstack•added 2026/01/12 2:7 p.m.•4 views

WordPress Search & Go theme <= 2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Search & Go versions = 2.8...

8.1CVSS7.1AI score0.00222EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/12/16 12:0 a.m.•1 views

PT-2025-51378

Name of the Vulnerable Software and Affected Versions shinetheme Traveler Option Tree versions through 2.8 Description A flaw exists in shinetheme Traveler Option Tree that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. The issue is...

2.7CVSS6.3AI score0.00034EPSS

Exploits0References3

CVE•added 2025/11/24 6:32 a.m.•9 views

CVE-2025-13588

The CVE-2025-13588 affects lKinderBueno Streamity Xtream IPTV Player up to version 2.8. The vulnerable element is an unknown function in public/proxy.php, leading to server-side request forgery (SSRF) that can be triggered remotely. Public exploitation exists, with CVSS-derived notes indicating n...

6.5CVSS6.5AI score0.00052EPSS

Exploits0References6

OSV•added 2025/11/20 8:59 p.m.•0 views

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS6.5AI score0.00191EPSS

Exploits0References5