CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 17 hours ago•4 views

Payara Server - Cross-Site Scripting

Payara Server versions 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit...

9.3CVSS5.8AI score0.0066EPSS

Exploits1References3

ATTACKERKB•added 23 hours ago•2 views

CVE-2026-36606

7.1CVSS5.8AI score

Exploits0References2

Positive Technologies•added 23 hours ago•2 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score

Exploits0References2

Vulnrichment•added 23 hours ago•2 views

CVE-2026-36606

5.8AI score

EUVD•added 23 hours ago•3 views

EUVD-2026-34145

7.1CVSS5.8AI score

Cvelist•added 23 hours ago•3 views

CVE-2026-36606

VulnCheck KEV•added 2 days ago•6 views

VulnCheck KEV: CVE-2024-48456

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a...

7.5CVSS7.3AI score0.82582EPSS

In wildExploits0References2

Snyk•added 5 days ago•3 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the sendlogin process in modules/registration.php when a registration-administrator visits a...

6.9CVSS5.9AI score

Exploits0References2

CVE•added 5 days ago•13 views

CVE-2026-5386

CVE-2026-5386 concerns KMW CCTV Security Cameras with a critical unauthenticated password reset that lets an attacker remotely reset the administrator password to a known value, granting full access to feeds and settings. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base sc...

9.1CVSS5.8AI score0.0005EPSS

Exploits0References3

Vulnrichment•added 5 days ago•5 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00035EPSS

CVE•added 5 days ago•7 views

CVE-2026-10070

CVE-2026-10070 affects macrozheng mall up to version 1.0.3, specifically the Super Admin Password Handler in the /admin/update/ path. The root cause is improper authorization when performing a manipulation, enabling remote exploitation. The description notes that exploitation is possible remotely...

5.8CVSS5.5AI score0.00035EPSS

Cvelist•added 5 days ago•24 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

5.8CVSS0.00035EPSS

EUVD•added 5 days ago•7 views

EUVD-2018-21909

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

CVE•added 5 days ago•7 views

CVE-2018-25387

HaPe PKH 1.1 is affected by a cross-site request forgery (CSRF) vulnerability in the aksi_user.php endpoint that enables an attacker to change administrator passwords without authentication by submitting forged requests with parameters such as id_user, password, and level. The vulnerability descr...

Vulnrichment•added 5 days ago•2 views

CVE-2018-25387 HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

CNNVD•added 5 days ago•4 views

Sitejo HaPe PKH 跨站请求伪造漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow attacker...

CNNVD•added 5 days ago•4 views

mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...

5.8CVSS5.9AI score0.00035EPSS

Positive Technologies•added 5 days ago•3 views

PT-2026-44865

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksi user.php script with parameters like id user, password, and...