CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

988 matches found

NVD•added 2026/05/08 4:16 a.m.•7 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS0.00021EPSS

Exploits0References1

CNVD•added 2026/03/31 12:0 a.m.•1 views

HCL Aftermarket DPC SQL Injection Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to execut...

8.3CVSS6AI score0.00013EPSS

Exploits0

Cvelist•added 2026/03/13 8:39 p.m.•20 views

CVE-2026-2923 GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS0.00108EPSS

Exploits0References2

Veracode•added 2026/02/19 8:55 a.m.•4 views

Arbitrary File Write

Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...

7.1CVSS6AI score0.00034EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2026/01/09 11:35 a.m.•4 views

CVE-2021-41555

In ARCHIBUS Web Central 21.3.3.815 a version from 2014, XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...

6.1CVSS6.2AI score0.00396EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:18 a.m.•5 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

9.8CVSS7AI score0.00412EPSS

Exploits1References1

Zero Day Initiative•added 2025/12/23 12:0 a.m.•3 views

Net-SNMP SnmpTrapd Agent Message Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Net-SNMP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SnmpTrapd service, which listens on UDP port 162 by default. The issue results from the lac...

9.8CVSS7.6AI score0.00594EPSS

Exploits2References1

CNVD•added 2025/12/10 12:0 a.m.•2 views

Student Management System /edit_user.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...

9.8CVSS8.3AI score0.00028EPSS

Exploits1References1

CNVD•added 2025/11/18 12:0 a.m.•3 views

Student Record System admin-profile.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...

6.5CVSS8.3AI score0.00035EPSS

Exploits0References1

CNNVD•added 2025/11/17 12:0 a.m.•1 views

PHPGurukul Online Shopping Portal 安全漏洞

Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of an externally entered SQL statement in the username parameter of the admin page. An attacker can exploit this vulnerability to execute illegal SQL comman...

6.5CVSS8.2AI score0.00037EPSS

Exploits1References3

Cvelist•added 2025/10/28 12:0 a.m.•6 views

CVE-2025-61235

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...

0.001EPSS

Exploits0References1

CNNVD•added 2025/10/11 12:0 a.m.•2 views

Code-Projects E-Commerce Website SQL注入漏洞

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...

9.8CVSS8.2AI score0.00043EPSS

Exploits1References5

CNNVD•added 2025/10/08 12:0 a.m.•2 views

code-projects E-Commerce Website SQL注入漏洞

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...

9.8CVSS7.8AI score0.00043EPSS

Exploits1References6