CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

110 matches found

Cvelist•added 2026/05/29 5:47 p.m.•30 views

CVE-2026-40425 MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...

6.9CVSS0.00602EPSS

Exploits0References3

Positive Technologies•added 2026/05/16 12:0 a.m.•12 views

PT-2026-41461

Name of the Vulnerable Software and Affected Versions WP Learn Manager version 1.1.2 Description A stored cross-site scripting issue allows unauthenticated attackers to inject malicious scripts. This is achieved by submitting POST requests to the 'jslm fieldordering' page using the fieldtitle...

7.2CVSS5.7AI score0.00214EPSS

Exploits0References6

EUVD•added 2026/05/13 6:30 p.m.•7 views

EUVD-2020-31227

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

7.1CVSS5.9AI score0.00273EPSS

Exploits0References5

OSV•added 2026/02/26 4:27 p.m.•5 views

GO-2026-4537 Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2

Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2...

8.2CVSS5.5AI score0.00166EPSS

Exploits1References3

Cvelist•added 2026/02/24 3:5 p.m.•17 views

CVE-2026-27516 Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials...

8.6CVSS0.00179EPSS

Exploits0References2

OSV•added 2026/02/20 5:25 p.m.•2 views

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

5.1CVSS5.8AI score0.00181EPSS

Exploits0References2

Positive Technologies•added 2026/02/20 12:0 a.m.•2 views

PT-2026-21274

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/user action.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and...

5.1CVSS5.4AI score0.00181EPSS

Exploits0References3

Positive Technologies•added 2026/02/20 12:0 a.m.•3 views

PT-2026-21275

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow user settings.php submitting to admin/update user.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and image url, which...

5.1CVSS5.4AI score0.00165EPSS

Exploits0References3

Tenable Nessus•added 2026/01/19 12:0 a.m.•3 views

MiracleLinux 3 : mailman-2.1.11-3.3AXS3 (AXBA:2009-202:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXBA:2009-202:01 advisory. - Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified...

6.8CVSS5.5AI score0.06425EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2007-1226

Malware in sbrugna...

4.3CVSS6.4AI score0.01774EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2009-2841

Malware in sbrugna...

4.3CVSS6.1AI score0.07905EPSS

Exploits0References10