CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

428 matches found

Cvelist•added 2026/02/09 1:2 a.m.•28 views

CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS0.00043EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 10:57 a.m.•2 views

CVE-2022-38273

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/listapprove...

7.2CVSS8.1AI score0.00368EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:57 a.m.•2 views

CVE-2022-38286

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...

7.2CVSS8.1AI score0.00274EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:56 a.m.•1 views

CVE-2022-38274

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...

7.2CVSS8.1AI score0.00346EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:56 a.m.•1 views

CVE-2022-38283

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...

7.2CVSS8.1AI score0.00274EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:56 a.m.•7 views

CVE-2022-38278

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list...

7.2CVSS8.1AI score0.00368EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:55 a.m.•3 views

CVE-2022-38272

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list...

7.2CVSS8.1AI score0.00368EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:55 a.m.•2 views

CVE-2022-38281

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list...

7.2CVSS8.1AI score0.00368EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:53 a.m.•4 views

CVE-2022-33113

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...

5.4CVSS7.1AI score0.00191EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:50 a.m.•2 views

CVE-2022-37199

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/user/list...

9.8CVSS8.1AI score0.00245EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:50 a.m.•5 views

CVE-2022-37201

JFinal CMS 5.1.0 is vulnerable to SQL Injection...

8.8CVSS7.5AI score0.01078EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:50 a.m.•6 views

CVE-2022-37203

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

9.8CVSS7.5AI score0.01107EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:49 a.m.•5 views

CVE-2022-37207

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

8.8CVSS7.6AI score0.01078EPSS

Exploits2References1