CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/04 1:22 p.m.•8 views

EUVD-2019-20173

7.2CVSS5.7AI score0.00211EPSS

Cvelist•added 2026/06/04 1:22 p.m.•38 views

CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

6.1CVSS0.00211EPSS

Vulnrichment•added 2026/06/04 1:22 p.m.•9 views

CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

6.1CVSS5.7AI score0.00211EPSS

CVE•added 2026/06/04 1:22 p.m.•11 views

CVE-2019-25737

CVE-2019-25737 affects Live Chat Unlimited 2.8.3. The issue is a stored cross-site scripting (XSS) vulnerability in the chat input field that allows unauthenticated attackers to submit payloads with script tags and event handlers. These scripts can execute in the admin area, enabling cookie theft...

6.1CVSS5.7AI score0.00211EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46207

Name of the Vulnerable Software and Affected Versions Live Chat Unlimited version 2.8.3 Description A stored cross-site scripting issue allows unauthenticated attackers to inject malicious scripts via the chat input field. By submitting payloads containing script tags and event handlers, attacker...

6.1CVSS5AI score0.00211EPSS

Exploits0References6

CVE•added 2026/05/19 8:38 p.m.•20 views

CVE-2026-34233

CVE-2026-34233 affects CtrlPanel, an open-source billing app. In versions ≤1.1.1, multiple admin controllers expose DataTable endpoints that can be reached via GET and lack any authorization checks. Despite routes living under the /admin/ prefix, the route group middleware does not enforce admin-...

6.5CVSS5.7AI score0.0028EPSS

Exploits0References2

RedhatCVE•added 2026/05/16 1:56 a.m.•11 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

NVD•added 2026/05/14 9:16 p.m.•9 views

CVE-2026-42847

7.1CVSS0.00203EPSS

CVE•added 2026/05/14 8:45 p.m.•16 views

CVE-2026-42847

CVE-2026-42847 affects ClipBucket v5 prior to 5.5.3 - #122. The vulnerability is a SQL injection in the authenticated admin endpoint admin_area/action_logs.php, where the GET parameter $_GET['type'] is read, stored, and concatenated into a SQL WHERE condition on action_type in fetch_action_logs()...

Vulnrichment•added 2026/05/14 8:45 p.m.•7 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cvelist•added 2026/05/14 8:45 p.m.•31 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.1CVSS0.00203EPSS

CNNVD•added 2026/05/14 12:0 a.m.•8 views

ClipBucket SQL注入漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 – version 122 – contained a SQL injection vulnerability. This vulnerability occurred due to the lack of parameterization of the...

CVE•added 2026/04/22 7:45 a.m.•8 views

Exploits0References2

CVE-2026-4090

Technical details beyond the CVE entry are not provided in the connected documents. Monitor for updates on affected plugin versions and remediation status.

6.1CVSS5.7AI score0.00243EPSS

Exploits0References17

Vulnrichment•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS

Exploits0References17

Positive Technologies•added 2026/04/22 12:0 a.m.•6 views

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00243EPSS

Exploits0References19

OSV•added 2026/04/10 8:49 a.m.•1 views

BIT-JOOMLA-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00249EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 11:0 p.m.•3 views

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS

Exploits0References5

RedhatCVE•added 2026/04/02 10:53 a.m.•2 views

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00249EPSS