CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•29 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.01333EPSS

Nuclei•added yesterday•29 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch othe...

6.1CVSS6.4AI score0.01333EPSS

Nuclei•added yesterday•28 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch oth...

6.1CVSS6.4AI score0.01333EPSS

Exploits1References2

Nuclei•added yesterday•4 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code, exploit requires incomplete installation wizard. id: CVE-2026-277...

9.2CVSS6.1AI score0.01774EPSS

Exploits0References4

Nuclei•added yesterday•31 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.1AI score0.01027EPSS

Exploits1References3

Nuclei•added yesterday•18 views

OpenCATS 0.9.7 - Cross-Site Scripting

OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings&a=ajaxtagsupd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based...

6.1CVSS6.3AI score0.0137EPSS

Exploits1References3

Nuclei•added yesterday•27 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01278EPSS

VulnCheck KEV•added 6 days ago•6 views

VulnCheck KEV: CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS6AI score0.01774EPSS

In wildExploits0References4

RedhatCVE•added 2026/06/01 10:3 p.m.•11 views

CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

RedhatCVE•added 2026/06/01 10:3 p.m.•9 views

Exploits0References1

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS

Exploits0References1

NVD•added 2026/05/31 1:16 p.m.•15 views

CVE-2026-49490

8.6CVSS0.00249EPSS

NVD•added 2026/05/31 1:16 p.m.•14 views

CVE-2026-49489

8.5CVSS0.00263EPSS

Exploits0References4

ATTACKERKB•added 2026/05/31 12:7 p.m.•10 views

CVE-2026-49490

Vulnrichment•added 2026/05/31 12:7 p.m.•9 views

Exploits0References3

CVE-2026-49490 OpenCATS - SQL Injection in DataGrid Filter Handling for Tags Column

EUVD•added 2026/05/31 12:7 p.m.•10 views

EUVD-2026-33502

Cvelist•added 2026/05/31 12:7 p.m.•32 views

CVE-2026-49490 OpenCATS - SQL Injection in DataGrid Filter Handling for Tags Column

8.6CVSS0.00249EPSS

CVE•added 2026/05/31 12:7 p.m.•28 views

CVE-2026-49490

OpenCATS (version 0.9.1a) contains an SQL injection in DataGrid filter handling for the Tags column in the Candidates DataGrid. The vulnerability can be exploited by authenticated attackers who manipulate filter requests to bypass column filter restrictions and execute arbitrary SQL queries again...