
171 matches found

NVD
added 2026/04/29 8:16 p.m., 3 views

CVE-2018-25318

Tenda FH303/A300 firmware V5.07.68EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

9.8 CVSS, 0.00176 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/04/15 12:0 a.m., 1 view

PT-2026-33011

Name of the Vulnerable Software and Affected Versions: Login as User plugin for WordPress versions prior to 1.0.4. Description: An issue exists where the handle return to admin function trusts a client-controlled cookie oclaup original admin to determine the user for authentication. Because there is...

8.8 CVSS, 5.2 AI score, 0.00054 EPSS
Exploits: 0, References: 8
CVE
added 2025/10/10 12:0 a.m., 7 views

CVE-2025-60308

CVE-2025-60308 affects code-projects Simple Online Hotel Reservation System 1.0, which has a Cross-Site Scripting (XSS) vulnerability in the Add Room function. Malicious input in the Description field can leak the administrator’s cookie when room details are viewed, indicating potential creden...

4.1 CVSS, 5.7 AI score, 0.00037 EPSS
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-0462

Malware in sbrugna...

6.4 CVSS, 6.4 AI score, 0.00277 EPSS
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-2943

Malware in sbrugna...

4.3 CVSS, 6.2 AI score, 0.01827 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-14159

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00223 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-14254

Malware in sbrugna...

5.4 CVSS, 5.5 AI score, 0.00206 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-9337

Malware in sbrugna...

9 CVSS, 7 AI score, 0.00464 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-6598

Malicious code in bioql PyPI...

6.1 CVSS, 4.8 AI score, 0.00247 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 1:51 a.m., 3 views

CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

8.2 CVSS, 6.8 AI score, 0.00005 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:11 p.m., 4 views

CVE-2021-27522

Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained...

8.8 CVSS, 7.3 AI score, 0.00534 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 3:18 p.m., 4 views

CVE-2020-21333

A cross-site scripting (XSS) vulnerability in PublicCMS 4.0 can be used to get an admin cookie when the Administrator reviews submit case...

5.4 CVSS, 5.9 AI score, 0.00261 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 3:18 p.m., 6 views

CVE-2020-21228

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie...

6.1 CVSS, 5.7 AI score, 0.00412 EPSS
Exploits: 1
NVD
added 2023/06/13 9:15 p.m., 8 views

CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

8.2 CVSS, 7.6 AI score, 0.00005 EPSS
Exploits: 0, References: 1
Prion
added 2023/06/13 9:15 p.m., 14 views

Hardcoded credentials

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

4.1 CVSS, 8 AI score, 0.00005 EPSS
Exploits: 0, References: 1, Affected Software: 2
Vulnrichment
added 2023/06/13 8:15 p.m., 10 views

CVE-2023-2637 Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

7.3 CVSS, 7 AI score, 0.00005 EPSS
Exploits: 0, References: 1
CVE
added 2023/06/13 8:15 p.m., 59 views

CVE-2023-2637

CVE-2023-2637 affects Rockwell Automation’s FactoryTalk System Services. The vulnerability arises from a hard-coded cryptographic key used to generate administrator cookies, which could allow a local, authenticated non-admin user to forge an invalid administrator cookie and gain administrative pr...

8.2 CVSS, 7.6 AI score, 0.00005 EPSS
Exploits: 0, References: 1, Affected Software: 2
Vulnrichment
added 2023/03/10 12:0 a.m., 5 views

CVE-2023-23326

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary JavaScript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...

5.2 AI score, 0.00747 EPSS
Exploits: 1, References: 2
CNNVD
added 2022/09/14 12:0 a.m., 3 views

GLPI Cross-Site Scripting Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

6.3 CVSS, 7.2 AI score, 0.00247 EPSS
Exploits: 0, References: 4
Prion
added 2022/09/02 8:15 p.m., 16 views

Design/Logic Flaw

This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2...

5.8 CVSS, 5.9 AI score, 0.00247 EPSS
Exploits: 0, References: 2, Affected Software: 1