CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

CNNVD•added 2026/04/22 12:0 a.m.•3 views

Xerte Online Toolkits 路径遍历漏洞

Xerte Online Toolkits is an online learning content creation platform provided by British company Xerte. Versions of Xerte Online Toolkits 3.15 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the elFinder connector in the /editor/elfinder/php/connector.php...

7.1CVSS6.2AI score0.00133EPSS

Exploits0References2

Zero Day Initiative•added 2026/04/15 12:0 a.m.•4 views

(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The specific flaw...

7.5CVSS6.1AI score

Exploits0

RedhatCVE•added 2026/03/28 4:59 p.m.•1 views

CVE-2026-4953

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS6.7AI score0.00057EPSS

Exploits0References1

EUVD•added 2026/03/27 3:30 p.m.•3 views

EUVD-2026-16629

A weakness has been identified in mingSoft MCMS 迄 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to...

7.5CVSS5.6AI score0.00057EPSS

Exploits0References5

NVD•added 2026/03/27 3:17 p.m.•1 views

CVE-2026-4953

7.5CVSS0.00057EPSS

Exploits0References4

ATTACKERKB•added 2026/03/27 2:13 p.m.•1 views

CVE-2026-4953

7.5CVSS6.7AI score0.00057EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/27 2:13 p.m.•26 views

CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery

7.5CVSS0.00057EPSS

Exploits0References4

Vulnrichment•added 2026/03/27 2:13 p.m.•0 views

CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery

7.5CVSS5.5AI score0.00057EPSS

Exploits0References4

Positive Technologies•added 2026/03/27 12:0 a.m.•3 views

PT-2026-28679

7.5CVSS5.5AI score0.00057EPSS

Exploits0References5

NVD•added 2026/03/24 6:16 p.m.•0 views

CVE-2026-33161

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS0.00042EPSS

Exploits0References4

ATTACKERKB•added 2026/03/24 5:31 p.m.•1 views

CVE-2026-33161

5.3CVSS5.7AI score0.00042EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/03/24 5:31 p.m.•20 views

CVE-2026-33161 Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users

5.3CVSS0.00042EPSS

Exploits0References4

Positive Technologies•added 2026/03/24 12:0 a.m.•2 views

PT-2026-27466

5.3CVSS5.7AI score0.00042EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 9:33 a.m.•1 views

CVE-2024-39243

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editorsave...

9.8CVSS7.6AI score0.00191EPSS

Exploits0References1

EUVD•added 2025/10/30 9:30 p.m.•1 views

EUVD-2025-37193

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...

5.8AI score0.00047EPSS

Exploits0References3

OSV•added 2025/10/30 7:16 p.m.•1 views

CVE-2025-52180

6.1CVSS5.9AI score

Exploits0References2

Veracode•added 2025/10/22 9:0 a.m.•12 views

Cross-site Scripting

Liferay Portal is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the /c/portal/comment/discussion/geteditor endpoint, allowing attackers to inject and execute arbitrary web scripts in a victim’s browser...

6.1CVSS6.4AI score0.00037EPSS

Exploits0References5Affected Software1

Cvelist•added 2025/09/22 12:0 a.m.•9 views

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

0.0005EPSS

Exploits1References2

Snyk•added 2025/09/10 9:30 p.m.•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /c/portal/comment/discussion/geteditor path. An attacker can execute arbitrary web scripts in the context of a user's browser by crafting a malicious request. Details Cross-site scripting or XSS is a cod...

6.1CVSS5.4AI score0.00037EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 10:25 a.m.•3 views

CVE-2024-42621

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/admineditor.php...

8.8CVSS7.5AI score0.00235EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by