CVE-2026-11510
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2026-24662
The CVE-2026-24662 entry describes a cross-site scripting vulnerability in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1, affecting rev2203.0 and earlier. When a file containing malicious contents is uploaded, an arbitrary script may execute in a user’s browser when an administrator v...
CVE-2026-8191
A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This affects the function wifiregion of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might ...
PT-2026-28202
The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field when capturing bot data whic...
PT-2026-26109
A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02. The adm.cgi endpoint improperly sanitizes user-supplied input provided to a command-related parameter in the sysCMD functionality...
PT-2026-25704
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-26702
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitemreuse.php...
GFI MailEssentials AI IP Blocklist Administration Page Cross-Site Scripting Vulnerability
GFI MailEssentials AI is an open source anti-spam and data leakage protection software from the U.S. company GFI. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...
GFI MailEssentials AI Security Vulnerability
GFI MailEssentials AI is an open source anti-spam and data leakage protection software from the U.S. company GFI. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...
CVE-2019-25356 Bematech Printer MP-4200 TH Cross-Site Scripting
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript...
CVE-2026-1215 MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update
The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...
Smartwares HOME easy Security Vulnerability
Smartwares HOME easy is a wireless home automation product line from the Dutch company Smartwares. A security vulnerability exists in Smartwares HOME easy version 1.0.9, which stems from an authentication bypass that could result in access to the administration page...
CVE-2025-14989
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...
CVE-2025-11410
A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/votersadd.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be executed remotely. The exploit has been published and m...
EUVD-2020-29647
Malware in sbrugna...
EUVD-2013-3304
Malware in sbrugna...
EUVD-2006-3186
Malware in sbrugna...
EUVD-2018-8943
Malware in sbrugna...
EUVD-2018-7993
Malware in sbrugna...
EUVD-2022-43725
Malicious code in bioql PyPI...