1746 matches found
PT-2026-1043
Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the ID argument within the HTTP GET parameter handler of the /worksheet/agent worksdel.jsp file. Remote exploitation is possible. The...
Exploit for Command Injection in Dlink Di-7400G+_Firmware
CVE-2025-57105 D-Link DI-7400G+ Command Injection Ove...
CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...
PT-2025-49550
Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...
CVE-2025-6670
A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation...
CVE-2025-6670 Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services
A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation...
CVE-2021-4465
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing...
CVE-2021-4465
CVE-2021-4465 affects ReQuest Serious Play F3 Media Server. A remote, unauthenticated attacker can force a DoS by sending a crafted HTTP GET request, potentially shutting down or rebooting the device and interrupting service. Affected versions include 2.0.1.823 through 7.0.3.4968 (Pro); vulnerabl...
CVE-2025-31954
HCL iAutomate v6.5.1 and v6.5.2 are susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...
EUVD-2011-1032
Malware in sbrugna...
EUVD-2017-15033
Malware in sbrugna...
EUVD-2019-7739
Malware in sbrugna...
EUVD-2003-1500
Malware in sbrugna...
EUVD-2019-4090
Malware in sbrugna...
EUVD-1999-0910
Malware in sbrugna...
EUVD-2001-1521
Malware in sbrugna...
EUVD-2002-0409
Malware in sbrugna...
EUVD-2001-1445
Malware in sbrugna...
EUVD-2002-0295
Malware in sbrugna...
EUVD-2002-0412
Malware in sbrugna...