CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

230 matches found

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31617

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

6.3AI score0.00102EPSS

Exploits1References4

EUVD•added 2026/04/09 12:0 a.m.•4 views

EUVD-2025-209383

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

6.3AI score0.00102EPSS

Exploits1References3

CVE•added 2026/04/09 12:0 a.m.•19 views

CVE-2025-70810

CVE-2025-70810: Cross Site Request Forgery in Phpbb phbb3 v3.3.15 allows a local attacker to execute arbitrary code via the login function and authentication mechanism. Documented by Red Hat, NVD and CVE lists; CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no ...

8.8CVSS6.3AI score0.00102EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/03/16 11:54 a.m.•7 views

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

5.1CVSS6.1AI score0.00049EPSS

Exploits0References3

Cvelist•added 2026/03/08 3:32 p.m.•33 views

CVE-2026-3746 SourceCodester Simple Responsive Tourism Website Login Login.php sql injection

A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may...

7.5CVSS0.00076EPSS

Exploits1References6

Vulnrichment•added 2026/02/12 1:23 a.m.•7 views

CVE-2026-1729 AdForest <= 6.0.12 - Authentication Bypass

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

9.8CVSS5.7AI score0.00129EPSS

Exploits1References2

EUVD•added 2026/02/08 7:2 p.m.•6 views

EUVD-2026-5773

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

7.5CVSS5.1AI score0.00065EPSS

Exploits1References5

Vulnrichment•added 2026/01/30 2:32 p.m.•5 views

CVE-2026-1685 D-Link DIR-823X Login sub_40AC74 excessive authentication

A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...

6.3CVSS5.5AI score0.00098EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 11:36 a.m.•2 views

CVE-2021-41676

An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...

9.8CVSS8AI score0.00264EPSS

Exploits1References1

RedhatCVE•added 2025/11/20 9:37 p.m.•5 views

CVE-2025-13395

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...

7.5CVSS6.9AI score0.0003EPSS

Exploits0References1

NVD•added 2025/11/19 11:15 a.m.•4 views

CVE-2025-13395

7.5CVSS0.0003EPSS

Exploits0References5

EUVD•added 2025/11/19 11:2 a.m.•5 views

EUVD-2025-198151

7.5CVSS7.2AI score0.0003EPSS

Exploits0References6

Vulnrichment•added 2025/11/19 11:2 a.m.•2 views

CVE-2025-13395 codehub666 94list function.php login sql injection

7.5CVSS7.2AI score0.0003EPSS

Exploits0References5

Positive Technologies•added 2025/11/19 12:0 a.m.•4 views

PT-2025-47451

Name of the Vulnerable Software and Affected Versions codehub666 94list affected versions not specified Description A security flaw exists in codehub666 94list. The issue involves a SQL injection impacting the Login function within the /function.php file. This allows for remote exploitation. The...

7.5CVSS7.5AI score0.0003EPSS

Exploits0References10

OSV•added 2025/10/27 3:15 a.m.•2 views

CVE-2025-12208

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /adminclass.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

9.8CVSS5.7AI score0.00031EPSS

Exploits1References5

CNVD•added 2025/10/13 12:0 a.m.•2 views

WordPress AffiliateWP plugin SQL Injection Vulnerability

WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...

7.5CVSS8.3AI score0.00108EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-8199

Malware in sbrugna...

9.8CVSS9.3AI score0.03236EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-8742

Malware in sbrugna...

6.1CVSS6.3AI score0.00155EPSS

Exploits1References3