CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/04 1:26 a.m.•9 views

CVE-2026-8653 MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter

6.5CVSS5.9AI score0.00217EPSS

EUVD•added 2026/06/04 1:26 a.m.•11 views

EUVD-2026-34191

6.5CVSS5.9AI score0.00217EPSS

ATTACKERKB•added 2026/06/04 1:26 a.m.•5 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS

Exploits0References5

Cvelist•added 2026/06/04 1:26 a.m.•39 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

7.5CVSS0.003EPSS

Exploits0References4

EUVD•added 2026/06/04 1:26 a.m.•13 views

EUVD-2026-34190

7.5CVSS5.9AI score0.003EPSS

Exploits0References4

CVE•added 2026/06/04 1:26 a.m.•19 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is affected up to version 4.71 by an access control flaw in view_file that allows unauthenticated attackers to read file metadata and obtain download links for files stored in project folders. The authorization gate uses a negated nonce check...

7.5CVSS5.9AI score0.003EPSS

Exploits0References4

Positive Technologies•added 2026/06/04 12:0 a.m.•14 views

PT-2026-46323

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

Positive Technologies•added 2026/06/04 12:0 a.m.•15 views

PT-2026-46111

Name of the Vulnerable Software and Affected Versions SP Project & Document Manager versions prior to 4.72 Description Unauthorized access is possible due to a missing capability check in the view file function. Unauthenticated attackers can read file metadata and obtain download links for...

7.5CVSS5.7AI score0.003EPSS

Exploits0References8

Positive Technologies•added 2026/06/04 12:0 a.m.•14 views

PT-2026-46337

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

Positive Technologies•added 2026/06/04 12:0 a.m.•12 views

PT-2026-46372

Unauthenticated Local File Inclusion in Spike = 1.2 versions...

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46359

Unauthenticated Local File Inclusion in Medeus = 1.14 versions...

Positive Technologies•added 2026/06/04 12:0 a.m.•12 views

PT-2026-46208

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc ajax save option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set t...

9.8CVSS5.8AI score0.00347EPSS

Exploits0References6

Positive Technologies•added 2026/06/04 12:0 a.m.•14 views

PT-2026-46332

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS5.2AI score0.00348EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46381

Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46344

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

8.6CVSS5.2AI score0.0046EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46369

Unauthenticated Local File Inclusion in Choreo = 1.6 versions...

Positive Technologies•added 2026/06/04 12:0 a.m.•13 views

PT-2026-46349

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

8.6CVSS5.2AI score0.00533EPSS