
98 matches found

Positive Technologies
added 2026/05/16 12:0 a.m., 11 views

PT-2026-41436

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

CVSS 6.4, AI score 5.7, EPSS 0.00032
Exploits: 0, References: 4
Cvelist
added 2026/05/11 3:3 p.m., 29 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

CVSS 8.1, EPSS 0.00041
Exploits: 1, References: 4
ATTACKERKB
added 2026/03/27 12:0 a.m., 2 views

CVE-2026-30527

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. Whe...

AI score 5.9, EPSS 0.00012
Exploits: 1, References: 2
Vulnrichment
added 2026/03/10 12:0 a.m., 1 views

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

AI score 5.9, EPSS 0.00051
Exploits: 1, References: 2
Positive Technologies
added 2026/03/10 12:0 a.m., 3 views

PT-2026-24477

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.9.12 through 2.2.3. Description: Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated stored cross-site scripting (XSS) issue in multiple areas of the shop frontend and admin panel. This is due to...

CVSS 4.8, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 7
EUVD
added 2026/02/03 12:0 a.m., 2 views

EUVD-2025-206699

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

AI score 5.5, EPSS 0.00052
Exploits: 0, References: 2
RedhatCVE
added 2026/01/09 12:39 p.m., 7 views

CVE-2023-43260

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel...

CVSS 6.1, AI score 6.2, EPSS 0.00118
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:8 a.m., 6 views

CVE-2019-20480

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...

CVSS 8.8, AI score 6.7, EPSS 0.00321
Exploits: 0, References: 1
CNVD
added 2025/12/25 12:0 a.m., 4 views

Student File Management System update_student.php File SQL Injection Vulnerability

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...

CVSS 9.8, AI score 7.9, EPSS 0.0004
Exploits: 1, References: 1
Cvelist
added 2025/12/09 3:59 p.m., 17 views

CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

CVSS 4.8, EPSS 0.0003
Exploits: 1, References: 2
CVE
added 2025/12/01 9:35 p.m., 7 views

CVE-2025-66303

Grav vulnerability CVE-2025-66303: In Grav prior to 1.8.0-beta.27, the admin panel can enter malformed cron-like input in the scheduled_at parameter, e.g., a single quote, causing DoS by corrupting backup.yaml. The issue stems from insufficient sanitization of cron expressions. Recovery requires ...

CVSS 4.9, AI score 6.4, EPSS 0.00138
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/10/08 10:32 p.m., 2 views

EUVD-2025-33275

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/votersadd.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVSS 5.8, AI score 6.3, EPSS 0.00076
Exploits: 1, References: 7
RedhatCVE
added 2025/10/08 6:13 a.m., 3 views

CVE-2025-11354

A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published an...

CVSS 6.5, AI score 6.3, EPSS 0.00068
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-2876

Malware in sbrugna...

CVSS 4.8, AI score 5, EPSS 0.00321
Exploits: 3, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-4756

Malware in sbrugna...

CVSS 6, AI score 6.4, EPSS 0.02522
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-5921

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.00886
Exploits: 2, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-2868

Malware in sbrugna...

CVSS 4.8, AI score 5, EPSS 0.00321
Exploits: 3, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-4989

Malware in sbrugna...

CVSS 6.5, AI score 9, EPSS 0.06101
Exploits: 6, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-17404

Malware in sbrugna...

CVSS 4.8, AI score 5.3, EPSS 0.0008
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-3578

Malware in sbrugna...

CVSS 8.5, AI score 6.4, EPSS 0.0609
Exploits: 0, References: 6