CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/26 4:2 p.m.•8 views

CVE-2026-44314 Traccar: Missing edit authorization on device image upload allows read-only users to write files

5.3CVSS5.8AI score0.0003EPSS

Cvelist•added 2026/05/05 12:17 p.m.•30 views

CVE-2026-27693 traccar allows XML injection in KML and GPX exports

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

5.4CVSS0.00049EPSS

EUVD•added 2026/05/05 12:17 p.m.•3 views

EUVD-2026-27307

5.4CVSS5.8AI score0.00049EPSS

ATTACKERKB•added 2026/05/05 12:12 p.m.•1 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS5.8AI score0.0005EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/05 12:12 p.m.•29 views

CVE-2026-27644 traccar allows CSV formula injection via exported position data

6.5CVSS0.0005EPSS

Vulnrichment•added 2026/05/05 12:12 p.m.•2 views

CVE-2026-27644 traccar allows CSV formula injection via exported position data

6.5CVSS5.8AI score0.0005EPSS

CVE•added 2026/04/22 9:25 p.m.•9 views

CVE-2026-41175

Statamic CMS (Laravel/Git-based) prior to 5.73.20 and 6.13.0 is affected. The issue stems from unsafe method invocation during query value resolution, enabling data destruction via manipulated query parameters on Control Panel, REST API endpoints, or GraphQL queries. Exploitation requires REST/Gr...

8.1CVSS5.7AI score0.00105EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/22 12:0 a.m.•3 views

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.20 and 6.13.0, which stemmed from insufficient...

8.1CVSS5.8AI score0.00105EPSS

OSV•added 2025/11/22 8:41 a.m.•6 views

BIT-LIMESURVEY-2025-41076 Multiple vulnerabilities in Limesurvey

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9CVSS6.6AI score0.00041EPSS

OSV•added 2025/11/22 8:41 a.m.•2 views

BIT-LIMESURVEY-2025-41074 Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which ca...

7.5CVSS6.7AI score0.00024EPSS

NVD•added 2025/11/20 3:17 p.m.•5 views

CVE-2025-41074

7.5CVSS0.00024EPSS

CVE•added 2025/11/20 12:52 p.m.•16 views

CVE-2025-41076

LimeSurvey 6.13.0 is affected by an information-exposure issue triggered by malformed session cookies, causing HTTP 500 errors that leak internal backend details. The reports consistently specify exposure of backend stack elements such as the Yii framework, the MySQL/MariaDB engine, table name li...

6.9CVSS6.3AI score0.00041EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/11/20 12:49 p.m.•2 views

CVE-2025-41075 Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

6.9CVSS6.3AI score0.00024EPSS

CNNVD•added 2025/11/20 12:0 a.m.•1 views

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team that supports survey program development, survey posting, and data collection. A security vulnerability exists in LimeSurvey version 6.13.0, which stems from mishandling of errors and could lead to...

6.9CVSS6.2AI score0.00041EPSS

OSV•added 2023/07/14 6:15 p.m.•1 views

CVE-2023-32761

Cross Site Request Forgery CSRF vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request...

8CVSS6.1AI score0.00467EPSS

CNNVD•added 2023/06/22 12:0 a.m.•5 views

WordPress Plugin WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.5AI score0.00133EPSS