CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25757 matches found

CVE-2026-56317

Nuxt is affected by CVE-2026-56317: a cross-site scripting flaw in the NoScript component present in Nuxt < 4.4.7 (and 3.x

2.3CVSS5.7AI score

Exploits0References4

Nuclei•added 16 hours ago•193 views

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

7.5CVSS7.1AI score0.14397EPSS

Exploits1References5

Nuclei•added 16 hours ago•31 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.5AI score0.02222EPSS

Exploits1References4

Nuclei•added 16 hours ago•41 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.2AI score0.03419EPSS

Exploits1References4

Nuclei•added 16 hours ago•11 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS5.9AI score0.01317EPSS

Exploits0References2

Nuclei•added 16 hours ago•20 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.8AI score0.017EPSS

Exploits1References5

Nuclei•added 16 hours ago•15 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS6.6AI score0.0224EPSS

Exploits0References2

Nuclei•added 16 hours ago•31 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7.3AI score0.15088EPSS

Exploits4References4

Nuclei•added 16 hours ago•75 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.2AI score0.02582EPSS

Exploits1References5

Nuclei•added 16 hours ago•22 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.3AI score0.01146EPSS

Exploits1References2

Nuclei•added 16 hours ago•12 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7.2AI score0.02177EPSS

Exploits1References3

Nuclei•added 16 hours ago•25 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.1AI score0.01875EPSS

Exploits1References2

CVE•added yesterday•9 views

CVE-2019-25759

The CVE-2019-25759 entry describes an SQL injection in Joomla! component vbizz 1.0.7 where an authenticated attacker can craft the payid parameter to execute arbitrary SQL via POST to the employee management interface, potentially exposing database version and names. The provided sources confirm ...

7.1CVSS6.3AI score

Exploits0References4

EUVD•added yesterday•4 views

EUVD-2019-20190

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL...

8.8CVSS6.3AI score

Exploits0References4

EUVD•added yesterday•5 views

EUVD-2019-20189

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...

8.8CVSS6.2AI score

Exploits0References4

CVE•added yesterday•6 views

CVE-2019-25749

Joomla J-CruisePortal 6.0.4 has an SQL injection in the cruises endpoint: authenticated attackers can send crafted SQL payloads via the guest_adult parameter in POST requests to read or modify database data. The CVSS indicates HIGH risk (7.1) with NETWORK, LOW exploit complexity, and LOW privileg...

7.1CVSS6.3AI score

Exploits0References4

EUVD•added yesterday•3 views

EUVD-2019-20184

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

8.8CVSS6.3AI score

Exploits0References4

EUVD•added yesterday•1 views

EUVD-2017-19008

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=comextrasearch parameter and...

8.8CVSS6AI score

Exploits0References3

EUVD•added yesterday•3 views

EUVD-2017-18998

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS6.2AI score

Exploits0References2

EUVD•added yesterday•3 views

EUVD-2017-18997

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS6.2AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by