CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

NVD•added 2026/03/20 6:16 a.m.•0 views

CVE-2026-33051

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.4CVSS0.00018EPSS

Exploits0References3

ATTACKERKB•added 2026/03/20 5:56 a.m.•2 views

CVE-2026-33051

5.3CVSS5.7AI score0.00018EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/03/18 12:0 a.m.•1 views

PT-2026-26094

5.3CVSS5.7AI score0.00018EPSS

Exploits0References7

CVE•added 2026/03/16 6:57 p.m.•4 views

CVE-2026-32263

Craft CMS (versions 5.6.0–5.9.10) is vulnerable where parse_str-derived $settings in src/controllers/EntryTypesController.php is passed directly to Craft::configure() without cleansing via Component::cleanseConfig(). This allows injecting Yii2 behavior/event handlers through keys prefixed with "a...

8.6CVSS5.7AI score0.00048EPSS

Exploits0References3Affected Software1

Patchstack•added 2026/02/02 2:33 p.m.•2 views

WordPress Essential Addons for Elementor plugin <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Essential Addons for Elementor versions = 5.9.11...

6.4CVSS5.3AI score0.00177EPSS

Exploits0References1Affected Software1

EUVD•added 2025/12/24 3:30 p.m.•2 views

EUVD-2025-205272

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through = 5.9.11...

9.8CVSS6.5AI score0.00114EPSS

Exploits0References2

Cvelist•added 2025/12/24 1:10 p.m.•25 views

CVE-2025-68038 WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

7.2CVSS0.00114EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-5317

Malware in sbrugna...

5.4CVSS5.5AI score0.00216EPSS

Exploits0References5

Patchstack•added 2025/09/26 10:1 a.m.•2 views

WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by theviper17 in WordPress Plugin Icegram Express Pro versions 5.9.14...

9.8CVSS7.1AI score0.00114EPSS

Exploits0Affected Software1

OSV•added 2024/04/09 7:15 p.m.•0 views

CVE-2024-2623

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization an...

6.4CVSS6AI score

Exploits0References3