196 matches found

Nuclei
added 2026/05/25 4:37 a.m., 478 views

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

CVSS 9.8, AI score 7, EPSS 0.94393
Exploits 64, References 4
GithubExploit
added 2026/04/29 3:58 a.m., 82 views

Exploit for OS Command Injection in Php

PHP CVE Autopilot Fully automated detection and exploitat...

CVSS 9.8, AI score 7.2, EPSS 0.94393
Exploits 67
ATTACKERKB
added 2026/03/23 6:35 a.m., 2 views

CVE-2026-4577

A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/updates4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public...

CVSS 4.8, AI score 4.2, EPSS 0.00041
Exploits 0, References 5, Affected Software 1
OSV
added 2026/03/10 8:30 p.m., 1 view

MINI-WWR5-38FQ-4577

Bulletin has no description...

CVSS 5.9, AI score 5.7, EPSS 0.00029
Exploits 0
EUVD
added 2026/01/24 7:26 a.m., 2 views

EUVD-2026-4577

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...

CVSS 7.2, AI score 5.7, EPSS 0.00041
Exploits 0, References 6
Tenable Nessus
added 2025/08/11 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-4577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could...

CVSS 6.5, AI score 7.3, EPSS 0.00102
Exploits 0, References 2
GithubExploit
added 2025/07/23 12:49 a.m., 385 views

Exploit for OS Command Injection in Php

CVE-2024-4577 Mass Scanner & Exploit Tool PoC This Python s...

CVSS 9.8, AI score 9.5, EPSS 0.94393
Exploits 64
GithubExploit
added 2025/06/23 5:27 a.m., 296 views

Exploit for OS Command Injection in Php

CVE-2024-4577 PHP CGI Remote Code Execution Exploit Author:...

CVSS 9.8, AI score 9.1, EPSS 0.94393
Exploits 64
Exploit DB
added 2025/06/15 12:0 a.m., 312 views

PHP CGI Module 8.3.4 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: PHP CGI Module 8.3.4 - Remote Code Execution RCE Date: 2025-06-13 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/yigitsql old account banned Vendor Homepage: https://www.php.net/ Software Link: https://www.php.net/downloads Version: PH...

CVSS 9.8, AI score 9.6, EPSS 0.94393
Exploits 64
RedhatCVE
added 2025/06/12 12:21 p.m., 1 view

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 5.8, EPSS 0.00126
Exploits 0, References 1
Patchstack
added 2025/06/11 1:9 a.m., 9 views

WordPress Smash Balloon Custom Facebook Feed plugin <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via data-color Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Smash Balloon Social Post Feed (versions <= 4.3.1)...

CVSS 6.4, AI score 5.5, EPSS 0.00126
Exploits 0, References 1, Affected Software 1
Circl
added 2025/06/10 11:34 a.m., 1 view

CVE-2025-4577

creationtimestamp | type | source
---|---|---
2025-06-10 11:34:12+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17868...

CVSS 6.4, AI score 4.8, EPSS 0.00126
Exploits 0, References 1
CVE
added 2025/06/10 11:22 a.m., 49 views

CVE-2025-4577

The CVE entry CVE-2025-4577 concerns the Smash Balloon Social Post Feed (Custom Facebook Feed) WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the data-color attribute in all versions up to and including 4.3.1, caused by insufficient input sanitiz...

CVSS 6.4, AI score 5.8, EPSS 0.00126
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2025/06/10 11:22 a.m., 2 views

CVE-2025-4577 Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 5.8, EPSS 0.00126
Exploits 0, References 3
GithubExploit
added 2025/05/27 7:19 p.m., 371 views

Exploit for OS Command Injection in Php

CVE-2024-4577 vulnerability test script This Python script ... PHP's latest vulnerability, CVE-...

CVSS 9.8, AI score 9.6, EPSS 0.94393
Exploits 64
RedhatCVE
added 2025/05/23 12:35 a.m., 6 views

CVE-2022-4577

The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.4, AI score 5.9, EPSS 0.00252
Exploits 2, References 1
GithubExploit
added 2025/04/18 11:3 a.m., 326 views

Exploit for OS Command Injection in Php

CVE-2024-4577 Exploit Exploit of the PHP CGI Argument Injectio...

CVSS 9.8, AI score 9.8, EPSS 0.94393
Exploits 64
GithubExploit
added 2025/04/12 12:28 p.m., 1074 views

Exploit for OS Command Injection in Php

CVE-2024-4577 usage: CVE-2024-4577.py -h -v RHOST RPO...

CVSS 9.8, AI score 9.7, EPSS 0.94393
Exploits 64
GithubExploit
added 2025/03/21 5:44 a.m., 229 views

Exploit for OS Command Injection in Php

This is POC of CVE 2024-4577 This exploit allows attac...

CVSS 9.8, AI score 9.8, EPSS 0.94393
Exploits 64
GithubExploit
added 2025/03/15 11:21 a.m., 359 views

Exploit for OS Command Injection in Php

PHP-CGI Injector 🚀 CVE-2024-4577 & CVE-2024-8926 Exploit To...

CVSS 9.8, AI score 7.1, EPSS 0.94393
Exploits 65