CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

This is a proof-of-concept PoC exploit for a vulnerable web application system called Pikachu. The system contains a variety of common web security vulnerabilities, including SQL injection, cross-site scripting XSS, cross-site request forgery CSRF, remote code execution RCE, and more. The...

7.7AI score

Exploits0

OSV•added 2025/05/27 12:15 a.m.•2 views

CVE-2025-5214

A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/coursedetailusernew.php. The manipulation of the argument ID leads to sql injection. The attack may be launched...

9.8CVSS5.7AI score0.00472EPSS

Exploits1References4

NVD•added 2025/05/27 12:15 a.m.•12 views

CVE-2025-5214

9.8CVSS0.00472EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 9:54 a.m.•9 views

CVE-2024-28198

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

7.5CVSS6.9AI score0.00431EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:14 a.m.•12 views

CVE-2023-40607

Cross-Site Request Forgery CSRF vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin = 1.10.0 versions...

8.8CVSS7.1AI score0.00214EPSS

Exploits0

RedhatCVE•added 2025/05/23 2:12 a.m.•9 views

CVE-2023-3563

A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-233357 was...

6.1CVSS6.3AI score0.00442EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by