CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Circl•added 2026/05/19 4:30 a.m.•5 views

CVE-2026-41948

creationtimestamp| type| source ---|---|--- 2026-05-19 04:30:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116599359441666989 2026-05-19 11:42:34+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116601058386037204 2026-05-31 11:02:08+00:00| seen|...

9.4CVSS5.8AI score0.00079EPSS

Exploits1References3

NVD•added 2026/05/18 3:16 p.m.•6 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.4CVSS0.00079EPSS

Exploits1References3

EUVD•added 2025/11/10 5:18 a.m.•1 views

EUVD-2025-41948

Malicious code in sari-sambel16-sukiwir npm...

6.6AI score

Exploits0

RedhatCVE•added 2025/05/23 5:13 a.m.•4 views

CVE-2023-41948

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Christoph Rado Cookie Notice & Consent plugin = 1.6.0 versions...

5.9CVSS5.6AI score0.00063EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:41 a.m.•4 views

CVE-2022-41948

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an...

7.2CVSS6.8AI score0.00358EPSS

Exploits0References1

CVE•added 2023/09/25 12:36 a.m.•27 views

CVE-2023-41948

CVE-2023-41948 refers to a Stored XSS vulnerability in the WordPress plugin Cookie Notice & Consent, affecting versions

5.9CVSS5.1AI score0.00063EPSS

Exploits0References1Affected Software1

Patchstack•added 2023/09/06 12:0 a.m.•7 views

WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Cookie Notice & Consent Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-41948 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6a22d5557bd2 Credits DoYeon Park p6rkdoye0n Require...

5.9CVSS6.9AI score0.00063EPSS

Exploits0References2Affected Software1

Circl•added 2022/12/09 2:12 a.m.•0 views

CVE-2022-41948

creationtimestamp| type| source ---|---|--- 2022-12-09 02:12:54+00:00| seen| https://t.me/cibsecurity/54211...

7.2CVSS7AI score0.00358EPSS

Exploits0References1

Vulnrichment•added 2022/12/08 10:14 p.m.•11 views

CVE-2022-41948 Privilege Chaining with the user admin role in dhis2-core

6.7CVSS7.1AI score0.00358EPSS

Exploits0References1

CVE•added 2022/12/08 10:14 p.m.•64 views

CVE-2022-41948

CVE-2022-41948 describes a privilege-escalation in DHIS 2 core where a user with authority to manage users can self-assign superuser privileges by crafting an HTTP PUT request. The root cause is improper handling of user-management authority that allows self-elevation if the attacker is authentic...

7.2CVSS6.8AI score0.00358EPSS

Exploits0References1Affected Software1

Circl•added 2022/04/29 6:24 p.m.•1 views

CVE-2021-41948

creationtimestamp| type| source ---|---|--- 2022-04-29 18:24:29+00:00| seen| https://t.me/cibsecurity/41657...

5.4CVSS5.5AI score0.00191EPSS

Exploits1References1

NVD•added 2022/04/29 2:15 p.m.•9 views

CVE-2021-41948

A cross-site scripting XSS vulnerability exists in the "contact us" plugin for Subrion CMS = 4.2.1 version via "List of subjects"...

5.4CVSS0.00191EPSS

Exploits1References1