CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

128 matches found

VulnCheck KEV: CVE-2024-48456

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a...

7.5CVSS7.3AI score0.82582EPSS

In wildExploits0References2

NVD•added 2026/04/20 6:16 p.m.•2 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

8.2CVSS0.00279EPSS

Exploits0References3

ATTACKERKB•added 2026/04/20 12:0 a.m.•2 views

CVE-2026-39110

8.2CVSS5.8AI score0.00279EPSS

Exploits0References4

Cvelist•added 2026/04/20 12:0 a.m.•27 views

CVE-2026-39110

0.00279EPSS

Exploits0References3

Positive Technologies•added 2026/04/20 12:0 a.m.•1 views

PT-2026-33817

8.2CVSS5.8AI score0.00279EPSS

Exploits0References5

Vulnrichment•added 2026/04/20 12:0 a.m.•1 views

CVE-2026-39110

5.8AI score0.00279EPSS

Exploits0References3

NVD•added 2026/04/08 7:24 p.m.•1 views

CVE-2025-50663

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usbpaswd.asp endpoint...

7.5CVSS0.00054EPSS

Exploits0References3

CVE•added 2026/04/02 2:46 p.m.•3 views

CVE-2026-34823

CVE-2026-34823 affects Endian Firewall prior to version 3.3.25. The issue is a stored XSS in the remark parameter of /manage/password/web/. An authenticated attacker can inject JavaScript that is stored and then executed when other users view the affected page. The vulnerability is confirmed by m...

6.4CVSS5.9AI score0.00034EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/11 9:5 a.m.•19 views

CVE-2025-13649 REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...

5.1CVSS0.00013EPSS

Exploits0References4

EUVD•added 2025/12/31 9:30 p.m.•1 views

EUVD-2025-206085

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...

8.7CVSS6.6AI score0.0004EPSS

Exploits1References7

Vulnrichment•added 2025/12/31 6:39 p.m.•1 views

CVE-2021-47741 ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint

8.7CVSS6.8AI score0.0004EPSS

Exploits1References5

OSV•added 2025/12/09 10:43 p.m.•2 views

CVE-2025-67496 WeGia is Vulnerable to XSS through id_pessoa Parameter on Password Configuration Page

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting XSS vulnerability in the /WeGIA/html/geral/configurarsenhas.php endpoint. The application does not sanitize user-controlled data before...

4.3CVSS5.1AI score0.00026EPSS

Exploits1References5

OSV•added 2025/11/20 12:15 a.m.•0 views

CVE-2025-13422

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

9.8CVSS5.8AI score

Exploits0References4

CNNVD•added 2025/11/20 12:0 a.m.•2 views

Sports Club Management System in php SQL注入漏洞

Sports Club Management System in php is a sports club management system by Darkseid Personal Developer. A SQL injection vulnerability exists in Sports Club Management System in php version 1.0, which stems from an incorrect manipulation of the parameter loginid in the file...

9.8CVSS7.7AI score0.00031EPSS

Exploits1References5

CNVD•added 2025/11/20 12:0 a.m.•3 views

Online Shopping Portal forgot-password.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the email parameter of forgot-password.php. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00052EPSS

Exploits1References1

Positive Technologies•added 2025/11/19 12:0 a.m.•3 views

PT-2025-47540

Name of the Vulnerable Software and Affected Versions freeprojectscodes Sports Club Management System version 1.0 Description A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...

7.5CVSS7.5AI score0.00031EPSS

Exploits1References7