CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7208 matches found

GetSimple CMS 3.3.13 - Open Redirect

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...

6.1CVSS6.3AI score0.14005EPSS

Exploits0References5

Nuclei•added 2 days ago•31 views

Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting

Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...

6.1CVSS6.1AI score0.25711EPSS

Exploits3References5

RedhatCVE•added 5 days ago•6 views

CVE-2026-10558

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may...

6.5CVSS6.3AI score0.00052EPSS

Exploits0References1

RedhatCVE•added 5 days ago•4 views

CVE-2026-10559

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be us...

6.5CVSS6.2AI score0.00052EPSS

Exploits0References1

RedhatCVE•added 5 days ago•5 views

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS7AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 5 days ago•5 views

CVE-2026-10694

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

7.5CVSS7AI score0.00061EPSS

Exploits0References1

EUVD•added 6 days ago•7 views

EUVD-2026-34293

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS5.4AI score0.00043EPSS

Exploits0References6

VulnCheck KEV•added 6 days ago•4 views

VulnCheck KEV: CVE-2018-25270

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8CVSS6.7AI score0.01391EPSS

In wildExploits1References2

EUVD•added 2026/06/03 12:15 a.m.•7 views

EUVD-2026-34059

7.5CVSS6.9AI score0.00061EPSS

Exploits0References6

CVE•added 2026/06/02 8:15 p.m.•7 views

CVE-2026-10620

The CVE-2026-10620 entry applies to code-projects Student Admission System 1.0, with a SQL injection flaw in /index.php triggered by tampering with eid/did arguments. The underlying issue is an input handling fault that enables remote SQL injection (attack vector: NETWORK; complexity: LOW). The e...

7.5CVSS6.9AI score0.00048EPSS

Exploits0References8

ATTACKERKB•added 2026/06/02 8:15 p.m.•5 views

CVE-2026-10620

7.5CVSS6.9AI score0.00048EPSS

Exploits0References8Affected Software1

EUVD•added 2026/06/02 8:15 p.m.•7 views

EUVD-2026-34023

7.5CVSS5.7AI score0.00048EPSS

Exploits0References8

ATTACKERKB•added 2026/06/02 1:15 a.m.•7 views

CVE-2026-10559

6.5CVSS6.3AI score0.00052EPSS

Exploits0References6Affected Software1

EUVD•added 2026/06/02 1:15 a.m.•7 views

EUVD-2026-33859

6.5CVSS6.3AI score0.00052EPSS

Exploits0References6

Vulnrichment•added 2026/06/02 1:0 a.m.•10 views

CVE-2026-10558 SourceCodester Pizzafy Ecommerce System index.php file inclusion

6.5CVSS6.4AI score0.00052EPSS

Exploits0References6

Cvelist•added 2026/06/01 11:15 p.m.•33 views

CVE-2026-10301 itsourcecode Fees Management System index.php cross site scripting

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS0.00039EPSS

Exploits0References6

Cvelist•added 2026/05/30 2:55 p.m.•26 views

CVE-2018-25425 Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

8.8CVSS0.0009EPSS

Exploits0References4

NVD•added 2026/05/30 7:16 a.m.•12 views

CVE-2026-10110

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

7.5CVSS0.00039EPSS

Exploits0References5

EUVD•added 2026/05/30 6:0 a.m.•8 views

EUVD-2026-33448

7.5CVSS7AI score0.00039EPSS

Exploits0References5