CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

NVD•added 2026/06/16 12:16 p.m.•9 views

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

8.6CVSS0.00472EPSS

Exploits0References1

Cvelist•added 2026/06/16 10:18 a.m.•26 views

CVE-2026-10829

8.6CVSS0.00472EPSS

Exploits0References1

Positive Technologies•added 2026/06/16 12:0 a.m.•8 views

PT-2026-49654

Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...

8.6CVSS6.6AI score0.00472EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:52 a.m.•5 views

CVE-2022-42100

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...

5.4CVSS6AI score0.00477EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-45186

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00477EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-38858

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00488EPSS

Exploits1References2

RedhatCVE•added 2025/05/22 10:13 p.m.•7 views

CVE-2022-36136

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment...

4.8CVSS6AI score0.00488EPSS

Exploits1References1

Positive Technologies•added 2024/03/27 12:0 a.m.•4 views

PT-2024-18831 · WordPress · The Events Manager

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.1 Description: The issue is related to Stored Cross-Site Scripting via the physical location value due to insufficient input...

6.4CVSS7.7AI score0.0034EPSS

Exploits0References8

PyPA•added 2024/01/23 6:15 p.m.•6 views

PYSEC-2024-18

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

9.8CVSS6.7AI score0.0098EPSS

Exploits1References8Affected Software1

CNNVD•added 2024/01/23 12:0 a.m.•4 views

whoogle-search Code Issue Vulnerability

whoogle-search is a software application. Self-hosted, ad-free, privacy-respecting meta-search engine A code issue vulnerability exists in versions prior to whoogle-search 0.8.4 that stems from a window endpoint that does not clean up user-supplied input from the location variable and passes it t...

9.8CVSS7AI score0.0098EPSS

Exploits1References7

Positive Technologies•added 2024/01/18 12:0 a.m.•3 views

PT-2024-19273 · Unknown · Whoogle Search

Name of the Vulnerable Software and Affected Versions: Whoogle Search versions 0.8.3 and prior Description: Whoogle Search is a self-hosted metasearch engine. The window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method, which sends a GET...

9.8CVSS7.2AI score0.0098EPSS

Exploits1References15

NVD•added 2022/11/29 4:15 a.m.•15 views

CVE-2022-36137

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader...

4.8CVSS0.00488EPSS

Exploits1References2

NVD•added 2022/11/29 4:15 a.m.•16 views

CVE-2022-42100

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...

5.4CVSS0.00477EPSS

Exploits1References2