17 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-28109

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 7.1 · EPSS 0.00274
Exploits 1 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-46062

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.6 · EPSS 0.0022
Exploits 0 · References 2

Positive Technologies
added 2025/07/17 12:0 a.m. · 1 view

PT-2025-29922 · Unknown · Oa Ekp Version 16

Name of the Vulnerable Software and Affected Versions: OA EKP version 16 Description: OA EKP version 16 contains an arbitrary download vulnerability within the /ui/sys ui extend/sysUiExtend.do component. This issue allows attackers to obtain the background administrator password and subsequently...

CVSS 8.1 · AI score 6.5 · EPSS 0.0022
Exploits 0 · References 5

RedhatCVE
added 2025/05/22 7:42 a.m. · 3 views

CVE-2018-14583

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...

CVSS 8.8 · AI score 6.9 · EPSS 0.00138
Exploits 1 · References 1

Positive Technologies
added 2025/02/20 12:0 a.m. · 3 views

PT-2025-7590 · Phpcmsv9 · Phpcmsv9

Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: The issue allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. This is a Cross-Site Scripting issue. Recommendations: For phpcmsv9...

CVSS 6.1 · AI score 7.1 · EPSS 0.00118
Exploits 1 · References 5

CVE
added 2025/02/20 12:0 a.m. · 55 views

CVE-2025-25960

CVE-2025-25960 is a Cross Site Scripting vulnerability affecting phpcmsv9 v9.6.3. The issue allows a remote attacker to escalate privileges via the member center’s menu interface in the background administrator. Reported impact is a partial privilege escalation with low confidentiality/integrity ...

CVSS 6.1 · AI score 6.5 · EPSS 0.00118
Exploits 1 · References 1 · Affected Software 1

OSV
added 2022/06/23 5:15 p.m. · 0 views

CVE-2021-40955

SQL injection exists in LaiKetui v3.5.0 the background administrator list...

CVSS 7.2 · AI score 7.1 · EPSS 0.00274
Exploits 1 · References 1

NVD
added 2019/04/30 8:29 p.m. · 13 views

CVE-2019-11625

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. A remote background administrator privilege user or a user with permission to manage emailing could exploit the vulnerability to obtain database sensitive information...

CVSS 4.9 · AI score 5.2 · EPSS 0.00321
Exploits 1 · References 1

NVD
added 2019/04/30 8:29 p.m. · 10 views

CVE-2019-11624

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files...

CVSS 5.5 · AI score 5.3 · EPSS 0.00746
Exploits 1 · References 1

Prion
added 2019/04/30 8:29 p.m. · 10 views

Arbitrary file deletion

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files...

CVSS 5.5 · AI score 5.3 · EPSS 0.00746
Exploits 1 · References 1 · Affected Software 1

Prion
added 2019/04/30 8:29 p.m. · 12 views

SQL injection

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. A remote background administrator privilege user or a user with permission to manage network configuration could exploit the vulnerability to obtain database sensitive...

CVSS 4 · AI score 5.3 · EPSS 0.00261
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2019/04/30 7:40 p.m. · 13 views

CVE-2019-11619

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user or a user with permission to manage configuration analytics could exploit the vulnerability to obtain database sensitive...

AI score 5.2 · EPSS 0.00261
Exploits 1 · References 1

OSV
added 2018/07/24 4:29 p.m. · 3 views

CVE-2018-14582

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account...

CVSS 8.8 · AI score 5.8 · EPSS 0.00168
Exploits 1 · References 1

NVD
added 2018/07/24 4:29 p.m. · 11 views

CVE-2018-14582

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account...

CVSS 8.8 · AI score 8.6 · EPSS 0.00168
Exploits 1 · References 1

OSV
added 2018/07/24 4:29 p.m. · 1 view

CVE-2018-14583

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...

CVSS 8.8 · AI score 5.8 · EPSS 0.00138
Exploits 1 · References 1

CNVD
added 2017/06/24 12:0 a.m. · 1 view

Stored Cross-Site Vulnerability in Jeecms

JEECMS is a web content management system developed by Jiangxi Jinlei Technology Development Co. In Jeecms, the /jeeadmin/jeecms/content/vview.do file has a stored cross-site vulnerability because the data returned in the response is not strictly filtered. Attackers can use this vulnerability...

AI score 6.6
Exploits 0

myhack58
added 2011/05/07 12:0 a.m. · 20 views

dhtml-menu-builder universal password and XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability Description: dhtml-menu-builder, from abroad, has Auth bypass and Persistent XSS; official website http://dhtml-menu-builder.com/; the system has a serious background administrator authentication bypass vulnerability, as well as XSS cross-site vulnerabilities. Publisher/date:...

AI score 0.7
Exploits 0