
419 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2004-0741

Malware in sbrugna...

5 CVSS · 6.4 AI score · 0.00747 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-4953

Malware in sbrugna...

4.8 CVSS · 5.1 AI score · 0.00332 EPSS
Exploits 3 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-1213

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.0021 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-19444

Malicious code in bioql PyPI...

3.5 CVSS · 6.6 AI score · 0.0014 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-4107

Malicious code in bioql PyPI...

2.2 CVSS · 4.1 AI score · 0.00039 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-43961

Malicious code in bioql PyPI...

7.7 CVSS · 7.5 AI score · 0.00154 EPSS
Exploits 0 · References 1
Hacker One
added 2025/08/03 6:4 p.m. · 5 views

U.S. Dept Of Defense: Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter

A Cross-Site Scripting (XSS) vulnerability was discovered in the POST method on the website, specifically through the EVENT_DESCRIPTION parameter. Exploitation of this vulnerability could have led to severe consequences, including session hijacking. The vulnerability was caused by insufficient...

5.9 AI score
Exploits 0
RedhatCVE
added 2025/07/04 10:5 a.m. · 13 views

CVE-2025-27025

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8 CVSS · 6.4 AI score · 0.00732 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:46 a.m. · 11 views

CVE-2024-25675

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp...

9.8 CVSS · 9.3 AI score · 0.00142 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 6:16 a.m. · 4 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...

4.7 CVSS · 8.1 AI score · 0.00071 EPSS
Exploits 1 · References 1
Hacker One
added 2025/05/05 3:6 p.m. · 5 views

U.S. Dept Of Defense: POST XSS - fields[account][firstname] parameter

A cross-site scripting (XSS) vulnerability was discovered in a parameter named "fields[account][firstname]" that was processed via the POST method. The vulnerability allowed the injection of malicious scripts that could be executed when the affected page was loaded. The impact of the vulnerability was...

6.2 AI score
Exploits 0
Hacker One
added 2025/05/05 2:55 p.m. · 5 views

U.S. Dept Of Defense: POST XSS - data[account][id] parameter

A Cross-Site Scripting (XSS) vulnerability was discovered in the POST method through the "data[account][id]" parameter. The vulnerability allowed the injection of malicious scripts that could be executed. The affected system was located on a system host. The vulnerability was not assigned a CVE number...

6.2 AI score
Exploits 0
NVD
added 2025/04/08 11:15 a.m. · 13 views

CVE-2025-30166

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...

4.8 CVSS · 0.00001 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/17 12:0 a.m. · 2 views

PT-2025-5302 · Apple · Ipados +5

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.3; iOS versions prior to 18.3; iPadOS versions prior to 18.3; macOS Sequoia versions prior to 15.3; watchOS versions prior to 11.3; tvOS versions prior to 18.3. Description: A type confusion issue was addressed with...

7.8 CVSS · 8.2 AI score · 0.00114 EPSS
Exploits 0 · References 23
Cvelist
added 2024/12/19 9:39 a.m. · 45 views

CVE-2023-4617 Gaining remote control over Govee devices

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10 CVSS · 0.01331 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/12/19 9:39 a.m. · 37 views

CVE-2023-4617 Gaining remote control over Govee devices

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10 CVSS · 6.8 AI score · 0.01331 EPSS
Exploits 0 · References 4
CNNVD
added 2024/12/19 12:0 a.m. · 2 views

Govee Home security vulnerability

Govee Home is an application from Govee, Inc. A security vulnerability exists in Govee Home that stems from an Authorization Error vulnerability in the HTTP POST method in the application, which allows remote attackers to take control of devices owned by other users by changing the values of the...

10 CVSS · 6.9 AI score · 0.01331 EPSS
Exploits 0 · References 4
OSV
added 2024/10/25 10:15 p.m. · 2 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...

4.7 CVSS · 5.8 AI score · 0.00071 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/10/25 12:0 a.m. · 2 views

PT-2024-33049 · Wtcms · Wtcms

Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0. Description: The issue concerns SQL Injection in the edit post method of the /Admin/Controller/NavControl.class.php file via the parentid parameter. This allows for potential exploitation. Recommendations: For WTCMS version...

4.7 CVSS · 8.2 AI score · 0.00071 EPSS
Exploits 1 · References 4
Huntr
added 2024/10/22 3:18 p.m. · 3 views

SSRF via POST /api/proxy

This report is not public...

7.5 CVSS · 7.1 AI score · 0.00561 EPSS
Exploits 1