86 matches found
CVE-2019-17298
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...
CVE-2025-45818
Slims Senayan Library Management Systems 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/masterfile/itemstatus.php...
SLiMS 9 Bulian Security Vulnerability
SLiMS 9 Bulian is free and open source software from the SLiMS community in Indonesia. It is used to manage library resources (e.g. books, journals, digital files and other library materials) and library administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which stems from...
Puppet Enterprise Administration Module Security Vulnerability
Puppet Enterprise Administration Module (PEADM) is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in Puppet Enterprise Administration Module versions prior to 3.24.0 that stems from the...
CVE-2023-3698
Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
CVE-2022-41339
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...
CVE-2022-37398
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below...
GHSA-5CMC-R23M-HVRR TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Simple Client Management System SQL Injection Vulnerability
Simple Client Management System is a simple client management system from individual developer Carlo Montero. Version 1.0 of Simple Client Management System is vulnerable to SQL injection, which stems from a lack of validation of externally supplied input in SQL statements in cms/admin?page=client/ The...
PT-2020-14082 · Global Radar · Global Radar Bsa Radar
Name of the Vulnerable Software and Affected Versions: Global RADAR BSA Radar versions 1.6.7234.24750 and earlier Description: The issue allows users to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy, potentially exposing...
SugarCRM PHP Object Injection Vulnerability
SugarCRM is an open source customer relationship management software suite. A PHP object injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...
SugarCRM Administration Module SQL Injection Vulnerability
SugarCRM is an open source customer relationship management software suite. A SQL injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit this vulnerability to inject custom PHP code...
SugarCRM Administration Module PHP Code Injection Vulnerability
SugarCRM is an open source customer relationship management software suite. A PHP code injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...
SugarCRM PHP code injection vulnerability (CNVD-2019-34425)
SugarCRM is an open source customer relationship management software suite. A PHP code injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2019-17300
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17299
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user...