CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

263065 matches found

CVE•added 3 days ago•9 views

CVE-2026-49773

CVE-2026-49773 refers to a Cross Site Scripting (XSS) vulnerability in WordPress FV Flowplayer Video Player plugin versions earlier than 7.5.51.7212. The vulnerability is described as a Subscriber XSS issue; CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, required user interactio...

6.5CVSS5.1AI score0.00166EPSS

Exploits0References1

CVE•added 3 days ago•15 views

CVE-2026-49770

CVE-2026-49770 affects the WordPress WP Travel Engine plugin (

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

EUVD•added 3 days ago•7 views

EUVD-2026-36893

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

Cvelist•added 3 days ago•25 views

CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...

6.5CVSS0.00166EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00383EPSS

Exploits0References1

CVE•added 3 days ago•16 views

CVE-2026-49769

CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

EUVD•added 3 days ago•4 views

EUVD-2026-36890

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS5.2AI score0.00506EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-49768 WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...

9.8CVSS0.00547EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS

Exploits0References1

CVE•added 3 days ago•15 views

CVE-2026-49766

CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...

9.9CVSS5.2AI score0.00506EPSS

Exploits0References1

CVE•added 3 days ago•11 views

CVE-2026-49768

CVE-2026-49768 affects the WordPress plugin Happyforms (versions ≤ 1.26.13). The vulnerability is an unauthenticated PHP Object Injection in Happyforms, caused by an unsafe object deserialization path. Impact is described as high for confidentiality, integrity, and availability, with a CVSS 3.1 b...

9.8CVSS5.3AI score0.00547EPSS

Exploits0References1

Cvelist•added 3 days ago•25 views

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS0.004EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS5.2AI score0.004EPSS

Exploits0References1

Cvelist•added 3 days ago•25 views

CVE-2026-49765 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...

9.8CVSS0.00383EPSS

Exploits0References1

EUVD•added 3 days ago•4 views

EUVD-2026-36889

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

CVE•added 3 days ago•14 views

CVE-2026-49765

The CVE-2026-49765 entry concerns the WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin (versions <= 1.1.8). The connected sources confirm unauthenticated PHP Object Injection as the vulnerability, with a CVSS 3.1 base score of 9.8 (CRITICAL) and im...

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

CVE•added 3 days ago•21 views

CVE-2026-49764

CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...

9.8CVSS5.2AI score0.004EPSS

Exploits0References1

Cvelist•added 3 days ago•24 views

CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS0.00383EPSS

Exploits0References1

CVE•added 3 days ago•11 views

CVE-2026-49763

CVE-2026-49763 concerns the WordPress plugin “WordPress Integration for Contact Form 7 HubSpot” (versions

9.8CVSS5.3AI score0.00383EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by