CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

360 matches found

RedhatCVE•added 2026/06/05 7:43 p.m.•6 views

CVE-2026-8117

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

5.3CVSS3.8AI score0.00269EPSS

Exploits0References1

Cvelist•added 2026/06/04 3:30 p.m.•37 views

CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS0.00209EPSS

Exploits0References6

NVD•added 2026/06/02 2:16 a.m.•13 views

CVE-2026-10558

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may...

6.5CVSS0.00227EPSS

Exploits0References6

ATTACKERKB•added 2026/06/02 1:0 a.m.•10 views

CVE-2026-10558

6.5CVSS6.4AI score0.00227EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/06/02 1:0 a.m.•36 views

CVE-2026-10558 SourceCodester Pizzafy Ecommerce System index.php file inclusion

6.5CVSS0.00227EPSS

Exploits0References6

CVE•added 2026/06/02 1:0 a.m.•17 views

CVE-2026-10558

SourceCodester Pizzafy Ecommerce System 1.0 has a remote file inclusion in /admin/index.php caused by manipulating the page parameter. The vulnerability affects an unknown function and can be exploited remotely; the exploit is publicly available. CVSS metrics in the sources show MEDIUM severity (...

6.5CVSS6.4AI score0.00227EPSS

Exploits0References6

Positive Technologies•added 2026/06/02 12:0 a.m.•12 views

PT-2026-45679

6.5CVSS6.4AI score0.00227EPSS

Exploits0References7

EUVD•added 2026/05/13 6:30 p.m.•8 views

EUVD-2020-31225

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

7.1CVSS5.9AI score0.00273EPSS

Exploits0References5

NVD•added 2026/05/13 4:16 p.m.•5 views

CVE-2020-37226

7.1CVSS0.00273EPSS

Exploits0References4

NVD•added 2026/05/13 4:16 p.m.•4 views

CVE-2020-37224

7.1CVSS0.00273EPSS

Exploits0References4

CVE•added 2026/05/13 2:22 p.m.•11 views

CVE-2020-37226

Joomla J2 JOBS 1.3.0 has an authenticated SQL injection in the sortby parameter. With legitimate admin access, an attacker can send crafted POST requests to the administrator index to modify queries and extract sensitive data using automated tools. The CVSS data in the connected records shows a h...

7.1CVSS5.9AI score0.00273EPSS

Exploits0References4

EUVD•added 2026/05/08 9:31 a.m.•8 views

EUVD-2025-209736

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

7.3CVSS6.1AI score0.01186EPSS

Exploits3References4

NVD•added 2026/05/08 7:16 a.m.•6 views

CVE-2025-67888

7.3CVSS0.01186EPSS

Exploits3References3

EUVD•added 2026/05/08 12:31 a.m.•10 views

EUVD-2026-28475

5.3CVSS4.2AI score0.00269EPSS

Exploits0References6

NVD•added 2026/05/08 12:16 a.m.•13 views

CVE-2026-8117

5.3CVSS0.00269EPSS

Exploits0References5

CNNVD•added 2026/05/08 12:0 a.m.•6 views

Control Web Panel 操作系统命令注入漏洞

Control Web Panel is a Linux virtual host control panel. Versions of Control Web Panel prior to 0.9.8.1209 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the key parameter in /admin/index.php, allowing unauthenticated...

7.3CVSS6.1AI score0.01186EPSS

Exploits3References1

CNNVD•added 2026/05/08 12:0 a.m.•7 views

SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter 'page' in the file 'admin/index.php', whi...

5.3CVSS5.7AI score0.00269EPSS

Exploits0References1

Positive Technologies•added 2026/05/08 12:0 a.m.•8 views

PT-2026-38670

Name of the Vulnerable Software and Affected Versions Control Web Panel CWP versions prior to 0.9.8.1209 Description Unauthenticated attackers can inject and execute arbitrary OS commands with root privileges on the web server. This occurs because user input provided through the key GET parameter...

7.3CVSS6.1AI score0.01186EPSS

Exploits3References8