CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

531 matches found

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42562

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Unauthenticated users can access page metadata on any page that has a configured summary template. This allows for the disclosure of private, draft, and restricted pages, leaking information suc...

6.3CVSS5.8AI score0.00031EPSS

Exploits0References4

OSV•added 2026/04/16 10:23 a.m.•1 views

MAL-2026-2805 Malicious code in winston-prisma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...

5.7AI score

Exploits0

OSSF Malicious Packages•added 2026/04/16 10:23 a.m.•4 views

Malicious code in winston-prisma (npm)

5.7AI score

Exploits0

RedhatCVE•added 2026/03/08 1:44 a.m.•1 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00015EPSS

Exploits0References1

NVD•added 2026/03/07 12:16 a.m.•3 views

CVE-2026-1981

4.3CVSS0.00015EPSS

Exploits0References6

Patchstack•added 2026/03/07 12:10 a.m.•3 views

WordPress Winston AI plugin <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI versions = 0.0.3...

4.3CVSS5.8AI score0.00015EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/03/07 12:0 a.m.•3 views

WordPress plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00015EPSS

Exploits0References7

ATTACKERKB•added 2026/03/06 11:22 p.m.•1 views

CVE-2026-1981

4.3CVSS5.8AI score0.00015EPSS

Exploits0References7

Vulnrichment•added 2026/03/06 11:22 p.m.•2 views

CVE-2026-1981 Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion

4.3CVSS5.8AI score0.00015EPSS

Exploits0References6

CVE•added 2026/03/06 11:22 p.m.•5 views

CVE-2026-1981

The Winston AI WordPress plugin (HUMN-1 AI Website Scanner & Human Certification)

4.3CVSS5.8AI score0.00015EPSS

Exploits0References6

Positive Technologies•added 2026/03/06 12:0 a.m.•1 views

PT-2026-23761

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston disconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00015EPSS

Exploits0References7

Positive Technologies•added 2025/11/30 12:0 a.m.•3 views

PT-2025-48396

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can le...

5.3CVSS5.2AI score0.00027EPSS

Exploits0References5