CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1593 matches found

RedhatCVE•added 2026/01/09 11:25 a.m.•2 views

CVE-2021-28006

Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...

6.1CVSS5.9AI score0.00211EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:35 a.m.•6 views

CVE-2024-34191

htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the deletepost function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request...

6.5CVSS7.2AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:34 a.m.•3 views

CVE-2024-41381

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\settings\admin.php...

6.1CVSS6.3AI score0.0119EPSS

Exploits1References1

RedhatCVE•added 2025/12/18 11:36 p.m.•2 views

CVE-2023-53917

Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames...

8.7CVSS7.6AI score0.00036EPSS

Exploits1References1

EUVD•added 2025/12/17 9:30 p.m.•0 views

EUVD-2025-203932

A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...

6.1AI score0.00088EPSS

Exploits1References5

NVD•added 2025/12/17 7:16 p.m.•1 views

CVE-2025-67174

7.5CVSS0.00088EPSS

Exploits1References4

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51955

Name of the Vulnerable Software and Affected Versions Affiliate Me version 5.0.1 Description The software contains a SQL injection issue in the admin.php endpoint. Authenticated administrators can manipulate database queries through the id parameter using crafted union-based queries. This allows...

8.7CVSS7.7AI score0.00036EPSS

Exploits1References5

CNNVD•added 2025/12/17 12:0 a.m.•1 views

RiteCMS 安全漏洞

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...

7.5CVSS5.8AI score0.00088EPSS

Exploits1References5

CVE•added 2025/11/24 1:2 a.m.•8 views

CVE-2025-13576

Blog Site 1.0 is affected by CVE-2025-13576 due to improper authorization in the admin.php file. The vulnerability arises from an unclear/unknown function in /admin.php that can be manipulated to bypass authorization, enabling remote exploitation. Multiple endpoints are affected, and exploitation...

8.8CVSS6.3AI score0.0004EPSS

Exploits0References5Affected Software1

EUVD•added 2025/11/24 1:2 a.m.•3 views

EUVD-2025-198595

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

6.5CVSS6.2AI score0.0004EPSS

Exploits0References6

Vulnrichment•added 2025/11/24 1:2 a.m.•10 views

CVE-2025-13576 code-projects Blog Site admin.php improper authorization

6.5CVSS6.4AI score0.0004EPSS

Exploits0References5

CNNVD•added 2025/11/24 12:0 a.m.•3 views

Code-Projects Blog Site 授权问题漏洞

Blog Site is a blogging system. Blog Site suffers from an improper authorization vulnerability that originates in the file /admin.php, which can be exploited by an attacker to compromise confidentiality, integrity, and availability...

8.8CVSS6.7AI score0.0004EPSS

Exploits0References6

CVE•added 2025/11/10 5:2 a.m.•5 views

CVE-2025-12932

CVE-2025-12932 affects SourceCodester Baby Care System 1.0. The vulnerability exists in the admin functionality, specifically the /admin.php?id=inbox endpoint, where improper handling of the message identifier (msgid) enables a SQL injection. The issue can be triggered remotely and is supported b...

9.8CVSS5.2AI score0.00026EPSS

Exploits1References5Affected Software1

NVD•added 2025/10/28 12:15 a.m.•4 views

CVE-2025-12332

A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function deleteuser of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used...

4.8CVSS0.0005EPSS

Exploits1References6

CNNVD•added 2025/10/28 12:0 a.m.•1 views

SourceCodester Student Grades Management System 代码注入漏洞

SourceCodester Student Grades Management System is a SourceCodester open source student grades management system. A code injection vulnerability exists in SourceCodester Student Grades Management System version 1.0, which originates from a cross-site scripting vulnerability in the deleteuser...

4.8CVSS4.4AI score0.0005EPSS

Exploits1References7

Vulnrichment•added 2025/10/08 5:2 p.m.•8 views

CVE-2025-11485 SourceCodester Student Grades Management System Manage Users admin.php add_user cross site scripting

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

4.8CVSS5.6AI score0.00035EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-25956

Malware in sbrugna...

6.1CVSS6.3AI score0.00201EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-8747

Malware in sbrugna...

6.1CVSS6.3AI score0.0019EPSS

Exploits2References2