CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

274 matches found

CVE•added 2026/04/28 1:43 p.m.•16 views

CVE-2026-27760

OpenCATS before commit 3002a29 contains a PHP code injection in the installer AJAX endpoint (databaseConnectivity action) that allows unauthenticated attackers to inject PHP code and execute it. The exploit relies on breaking out of the define() context in config.php (via a single quote and state...

9.2CVSS5.9AI score0.01774EPSS

In wildExploits0References6

Vulnrichment•added 2026/04/28 1:43 p.m.•7 views

CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS5.9AI score0.01774EPSS

Exploits0References6

Cvelist•added 2026/04/28 1:43 p.m.•33 views

CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint

9.2CVSS0.01774EPSS

Exploits0References6

CNNVD•added 2026/04/28 12:0 a.m.•6 views

OpenCats 代码注入漏洞

OpenCats is an open-source recruitment process management system developed by OpenCats. OpenCats has a code injection vulnerability, which stems from PHP code injection in the AJAX endpoints of the installation wizard. This vulnerability allows unauthenticated attackers to execute arbitrary code ...

9.2CVSS6.2AI score0.01774EPSS

Exploits0References1

Positive Technologies•added 2026/04/28 12:0 a.m.•5 views

PT-2026-35727

Name of the Vulnerable Software and Affected Versions OpenCATS versions prior to commit 3002a29 Description An unauthenticated PHP code injection issue exists in the installer AJAX endpoint. This allows attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity...

9.2CVSS5.9AI score0.01774EPSS

Exploits0References12