CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4261 matches found

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS5.8AI score0.00664EPSS

Exploits1References2

NVD•added yesterday•6 views

CVE-2026-56024

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0...

6.5CVSS

Exploits0References1

Cvelist•added yesterday•11 views

CVE-2026-56024 WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0...

6.5CVSS

Exploits0References1

Positive Technologies•added yesterday•8 views

PT-2026-50801

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...

6.5CVSS5.9AI score0.00018EPSS

Exploits0References4

NVD•added 2 days ago•8 views

CVE-2026-50196

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS

Exploits0References3

EUVD•added 2 days ago•8 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS

Exploits0References2

CVE•added 2 days ago•8 views

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

8.8CVSS5.2AI score0.00276EPSS

Exploits0References1

CVE•added 2 days ago•5 views

CVE-2026-22330

CVE-2026-22330 describes an Unauthenticated Local File Inclusion vulnerability in the WordPress theme Right Way (version ≤ 4.0). The Patchstack entry and CVE listing confirm the flaw exists in this theme and is currently described as unpatched within the dataset. The CVSS/metrics indicate a high-...

8.1CVSS5.2AI score0.00363EPSS

Exploits0References1

Cvelist•added 2 days ago•25 views

CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS0.00378EPSS

Exploits0References1

RedHat Linux•added 3 days ago•6 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19.19 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.19.19 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.19.19 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7063: RHODF 4.19.19 release DFBUGS-7062: Backport to 4.19.z ODF Console is breaking DFBUGS-7047: Backport...

9.1CVSS6.6AI score0.00643EPSS

Exploits2References5

Cvelist•added 3 days ago•22 views

CVE-2026-10639 Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`

In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...

4.8CVSS0.00193EPSS

Exploits0References2

EUVD•added 3 days ago•7 views

EUVD-2026-37045

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

7.5CVSS5.2AI score0.00305EPSS

Exploits0References1

CVE•added 3 days ago•5 views

CVE-2025-68045

CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions

7.5CVSS5.1AI score0.00232EPSS

Exploits0References1

EUVD•added 4 days ago•4 views

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS

Exploits0References2

EUVD•added 4 days ago•6 views

EUVD-2026-36969

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS5.2AI score0.00465EPSS

Exploits0References2

EUVD•added 4 days ago•7 views

EUVD-2026-36955

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS5.2AI score0.00278EPSS

Exploits0References2

EUVD•added 4 days ago•5 views

EUVD-2026-36917

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.1AI score0.00251EPSS

Exploits0References2

NVD•added 4 days ago•4 views

CVE-2026-39478

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS0.00428EPSS

Exploits0References1

EUVD•added 4 days ago•5 views

EUVD-2026-37008

Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...

6.1CVSS5.5AI score0.00263EPSS

Exploits0References2

CVE•added 4 days ago•11 views

CVE-2026-48157

Slim PHP framework (versions 4.4.0–4.15) is affected by an HTML/JavaScript injection in error pages when HttpException::setTitle() and/or setDescription() are fed with untrusted data. The issue can occur in HTML error pages generated by Slim and is present even with displayErrorDetails = false; v...

6.1CVSS5.5AI score0.00263EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by