CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

303 matches found

CNNVD•added 2026/01/19 12:0 a.m.•1 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the parameter “catalogid” in the file/kmc/savecatalog.jsp. This vulnerability may lead to SQL...

9.8CVSS7.2AI score0.00015EPSS

Exploits0References4

Vulnrichment•added 2026/01/18 2:2 p.m.•2 views

CVE-2026-1122 Yonyou KSOA HTTP GET Parameter work_info.jsp sql injection

A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

7.5CVSS7.1AI score0.00015EPSS

Exploits0References4

Vulnrichment•added 2025/12/11 9:39 p.m.•1 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

9.2CVSS8.6AI score0.01811EPSS

Exploits0References4

Cvelist•added 2025/12/11 9:39 p.m.•17 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

9.2CVSS0.01811EPSS

Exploits0References4

GithubExploit•added 2025/12/11 8:15 p.m.•136 views

Exploit for CVE-2020-1938

Ghostcat Scanner - CVE-2020-1938 A powerful Python exploit to...

9.8CVSS7AI score0.94469EPSS

Exploits44

Tenable Nessus•added 2025/12/11 12:0 a.m.•3 views

SAP NetWeaver AS Java DoS (December 2025)

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by a denial of service vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to...

7.9CVSS6.2AI score0.00061EPSS

Exploits0References3

CISA KEV Catalog•added 2025/12/03 12:0 a.m.•9 views

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

8.8CVSS7.5AI score0.78433EPSS

In wildExploits8