204 matches found

ATTACKERKB
added 2026/05/17 12:11 p.m. | 2 views

CVE-2018-25330

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/05/17 12:11 p.m. | 4 views

EUVD-2018-21850

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 4
CVE
added 2026/05/17 12:11 p.m. | 9 views

CVE-2018-25330

Joomla! EkRishta 2.10 is affected by persistent XSS and SQL injection as described in CVE-2018-25330. The vulnerabilities enable attackers to inject script payloads into profile information (e.g., Address) and SQL payloads via the phone_no parameter to user_setting, allowing script execution when...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/17 12:11 p.m. | 3 views

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 4
CNNVD
added 2026/05/17 12:0 a.m. | 5 views

Joomla! extension EkRishta SQL Injection Vulnerability

The Joomla! extension EkRishta is an open-source community extension designed to provide Joomla websites with functions for matchmaking and marriage-related services. Version 2.10 of the Joomla! extension EkRishta contains a SQL injection vulnerability. This vulnerability stems from persistent...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/17 12:0 a.m. | 5 views

PT-2026-41556

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5
NVD
added 2026/05/16 4:16 p.m. | 4 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVSS 6.9 | EPSS 0.00038
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/16 3:26 p.m. | 3 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 3
Cvelist
added 2026/05/16 3:26 p.m. | 30 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVSS 6.9 | EPSS 0.00038
Exploits: 0 | References: 3
CVE
added 2026/05/16 3:26 p.m. | 7 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/16 3:26 p.m. | 3 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CVSS 6.9 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/05/16 12:0 a.m. | 7 views

PT-2026-41448

Name of the Vulnerable Software and Affected Versions: MyBB Timeline Plugin version 1.0. Description: Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

CVSS 6.9 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 5
CNNVD
added 2026/05/16 12:0 a.m. | 5 views

MyBB Timeline Plugin Cross-Site Scripting Vulnerability

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

CVSS 6.9 | AI score 5.6 | EPSS 0.00038
Exploits: 0 | References: 1
EUVD
added 2026/05/15 9:31 p.m. | 2 views

EUVD-2025-209885

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/15 6:36 p.m. | 3 views

CVE-2021-47962 Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

CVSS 6.4 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 4
Cvelist
added 2026/05/15 12:0 a.m. | 24 views

CVE-2025-67031

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

EPSS 0.00252
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/15 12:0 a.m. | 4 views

PT-2026-41373

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 3
CVE
added 2026/05/15 12:0 a.m. | 6 views

CVE-2025-67031

ORSEE 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values starting with the prefix "func:", which are passed directly into an eval() call inside tagsets/participant.php and tagsets/o...

CVSS 6.3 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2
NVD
added 2026/05/07 4:16 a.m. | 3 views

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVSS 2.7 | EPSS 0.00009
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/07 2:59 a.m. | 2 views

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVSS 2.7 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 3 | Affected Software: 1