CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/08 4:49 p.m.•7 views

EUVD-2026-35134

ATTACKERKB•added 2026/06/08 4:49 p.m.•5 views

CVE-2026-25855

Exploits0References3Affected Software1

Vulnrichment•added 2026/06/08 4:49 p.m.•6 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

Cvelist•added 2026/06/08 4:49 p.m.•35 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

8.8CVSS0.01081EPSS

Vulnrichment•added 2026/06/08 2:1 p.m.•6 views

CVE-2026-25558 QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS

NVD•added 2026/06/08 1:16 p.m.•10 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS0.00142EPSS

Exploits0References1

NVD•added 2026/06/08 1:16 p.m.•8 views

CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS0.00142EPSS

Exploits0References1

EUVD•added 2026/06/08 12:30 p.m.•6 views

EUVD-2026-35056

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.002EPSS

CVE•added 2026/06/08 12:0 p.m.•10 views

CVE-2026-11512

CVE-2026-11512 affects itsourcecode Hospital Management System 1.0. The vulnerability arises from handling of the patientid argument in /billing.php, enabling cross-site scripting (XSS). The issue is exploitable remotely, and the exploit has been publicly disclosed. CVSS metrics indicate a networ...

5.3CVSS3.8AI score0.00273EPSS

GithubExploit•added 2026/06/08 10:46 a.m.•52 views

Post_Exploitation_Privilege_Escalation

⬆️ Week 05 — Post-Exploitation & Privilege Escalation Inter...

5.5AI score

Exploits0

EUVD•added 2026/06/08 10:22 a.m.•6 views

EUVD-2026-35041

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS5.4AI score0.00541EPSS

Exploits0References1

NVD•added 2026/06/08 7:16 a.m.•14 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS0.00223EPSS

EUVD•added 2026/06/08 6:15 a.m.•9 views

EUVD-2026-35026

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/addstock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

6.5CVSS6.5AI score0.002EPSS

EUVD•added 2026/06/08 5:0 a.m.•7 views

EUVD-2026-35021

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.00275EPSS

Cvelist•added 2026/06/08 5:0 a.m.•40 views

CVE-2026-11490 code-projects Online Music Site Search.php sql injection

7.5CVSS0.00275EPSS

EUVD•added 2026/06/08 4:30 a.m.•12 views

EUVD-2026-35019

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS

NVD•added 2026/06/08 2:16 a.m.•7 views

CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS0.00187EPSS

Exploits0References3

CVE•added 2026/06/08 1:55 a.m.•17 views

CVE-2023-54351

CVE-2023-54351 : WordPress Sonaar Music Plugin 4.7 has a stored XSS vulnerability in the comment functionality. Unauthenticated attackers can submit JavaScript payloads via the comment parameter to wp-comments-post.php, which are stored and later executed in the browsers of users viewing the affe...

7.2CVSS5.2AI score0.00172EPSS

Positive Technologies•added 2026/06/08 12:0 a.m.•9 views

PT-2026-47342