54 matches found

CNNVD
added 2 days ago, 3 views

ArmCode Arm Whois security vulnerability

ArmCode Arm Whois is a web information query tool developed by ArmCode Corporation. Version 3.11 of ArmCode Arm Whois contains a security vulnerability. This vulnerability stems from a stack buffer overflow, which could allow remote attackers to execute arbitrary code by providing excessive input...

CVSS 9.8, AI score 6.3, EPSS 0.00255
Exploits: 0, References: 4

Vulnrichment
added 2026/05/24 11:15 a.m., 4 views

CVE-2026-9378 Edimax BR-6675nD POST Request formHwSet command injection

A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument regDomain/ABandregDomain/nic0Addr/nic1Addr/wlanAddr/inicAddr results in command injection. It is...

CVSS 6.5, AI score 6.4, EPSS 0.01409
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/24 11:15 a.m., 6 views

CVE-2026-9378

A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument regDomain/ABandregDomain/nic0Addr/nic1Addr/wlanAddr/inicAddr results in command injection. It is...

CVSS 6.5, AI score 6.4, EPSS 0.01409
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/05/24 12:0 a.m., 8 views

PT-2026-42938

A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument regDomain/ABandregDomain/nic0Addr/nic1Addr/wlanAddr/inicAddr results in command injection. It is...

CVSS 6.5, AI score 6.4, EPSS 0.01409
Exploits: 0, References: 4

ATTACKERKB
added 2026/04/09 3:25 a.m., 0 views

CVE-2026-5742

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

CVSS 6.4, AI score 6.1, EPSS 0.00073
Exploits: 0, References: 11

NVD
added 2026/04/07 6:16 p.m., 0 views

CVE-2026-39336

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields set from config, Person editor defaults rendered into address fields, and external self-registration form defaults. This is primarily an admin-to-adm...

CVSS 6.1, EPSS 0.00035
Exploits: 0, References: 1

CVE
added 2026/04/05 8:45 p.m., 4 views

CVE-2018-25256

CVE-2018-25256 affects IP TOOLS 2.50, specifically the SNMP Scanner component. A local buffer overflow can be triggered by oversized input in the From Addr and To Addr fields, crashing the application when Start is clicked and causing a denial of service via an SEH overwrite. The description in t...

CVSS 6.8, AI score 6.2, EPSS 0.00026
Exploits: 1, References: 3, Affected Software: 1

ATTACKERKB
added 2026/01/30 4:16 p.m., 5 views

CVE-2020-37003

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, AI score 6, EPSS 0.00059
Exploits: 0, References: 5

Cvelist
added 2026/01/30 4:16 p.m., 26 views

CVE-2020-37003 Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, EPSS 0.00059
Exploits: 0, References: 5

EUVD
added 2026/01/30 4:16 p.m., 2 views

EUVD-2020-30961

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, AI score 6, EPSS 0.00059
Exploits: 0, References: 5

Positive Technologies
added 2026/01/30 12:0 a.m., 2 views

PT-2026-5414

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS 6.4, AI score 6, EPSS 0.00059
Exploits: 0, References: 6

RedhatCVE
added 2025/12/10 12:28 a.m., 6 views

CVE-2025-65300

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform (feVersion=1760060603897, 2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...

CVSS 5.4, AI score 5.9, EPSS 0.00027
Exploits: 1, References: 1

EUVD
added 2025/12/09 9:31 p.m., 3 views

EUVD-2025-202319

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform (feVersion=1760060603897, 2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...

AI score 5.4, EPSS 0.00027
Exploits: 1, References: 3

OSV
added 2025/12/09 7:15 p.m., 1 view

CVE-2025-65300

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform (feVersion=1760060603897, 2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...

CVSS 5.4, AI score 6
Exploits: 0, References: 2

Cvelist
added 2025/12/09 12:0 a.m., 19 views

CVE-2025-65300

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform (feVersion=1760060603897, 2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript...

EPSS 0.00027
Exploits: 1, References: 2

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-50213

Name of the Vulnerable Software and Affected Versions: Coohom SaaS Platform version 1760060603897 (2025-10-28). Description: A stored Cross-Site Scripting (XSS) issue exists in the Account Settings module. The issue occurs because unsanitized user input in Address fields, specifically City, State, and...

CVSS 5.4, AI score 6.3, EPSS 0.00027
Exploits: 1, References: 4

CVE
added 2025/12/09 12:0 a.m., 7 views

CVE-2025-65300

The CVE-2025-65300 entry concerns a stored XSS in the Coohom SaaS Platform, specifically in the Account Settings module for feVersion=1760060603897 (2025-10-28). The vulnerability arises from unsanitized input in Address fields (City, State, Country/Region) that is rendered back to the profile pa...

CVSS 5.4, AI score 5.5, EPSS 0.00027
Exploits: 1, References: 2, Affected Software: 1

Packet Storm
added 2025/12/08 12:0 a.m., 133 views

Coohom SaaS Cross Site Scripting

Coohom SaaS is susceptible to a persistent cross site scripting vulnerability. CVE-2025-65300. Description: CVE-2025-65300: Stored Cross-Site Scripting (XSS) Vulnerability in Coohom SaaS Platform. Disclosure Date: 2025-10-28; Last Updated: 2025-10-28; Reporter: Phisit Pupiw; Vendor: Coohom; CWE: CWE-79 –...

CVSS 5.4, AI score 6.4, EPSS 0.00027
Exploits: 1

EUVD
added 2025/12/07 3:30 p.m., 4 views

EUVD-2025-201605

A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...

CVSS 5.1, AI score 5.2, EPSS 0.00027
Exploits: 1, References: 6

OSV
added 2025/12/07 3:15 p.m., 1 view

CVE-2025-14194

A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...

CVSS 5.4, AI score 4.2
Exploits: 0, References: 5