CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5556 matches found

GitLab CE/EE - Remote Code Execution

GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modi...

9.9CVSS7.6AI score0.76884EPSS

Exploits0References5

Nuclei•added 10 hours ago•8 views

WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

6.1CVSS7.2AI score0.00561EPSS

Exploits1References2

Nuclei•added 10 hours ago•20 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.8AI score0.017EPSS

Exploits1References5

EUVD•added 2 days ago•7 views

EUVD-2026-38262

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS5.9AI score0.00364EPSS

Exploits0References1

NVD•added 5 days ago•9 views

CVE-2019-25762

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...

8.7CVSS0.00442EPSS

Exploits0References4

CVE•added 5 days ago•11 views

CVE-2019-25762

CVE-2019-25762 affects Joomla! component JoomProject 1.1.3.2. The vulnerability is an information disclosure via the projects endpoint, where unauthenticated attackers can query index.php with option=com_jpprojects&view=projects&tmpl=component&format=json to retrieve user IDs, names, and email ad...

8.7CVSS5.9AI score0.00442EPSS

Exploits0References4

EUVD•added 5 days ago•5 views

EUVD-2019-20198

8.7CVSS5.9AI score0.00442EPSS

Exploits0References4

NVD•added 5 days ago•10 views

CVE-2017-20253

Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extrac...

8.8CVSS0.00334EPSS

Exploits0References4

EUVD•added 5 days ago•4 views

EUVD-2017-18980

8.8CVSS6.2AI score0.00334EPSS

Exploits0References4

Cvelist•added 5 days ago•26 views

CVE-2017-20253 Joomla! Component My Projects 2.0 SQL Injection

8.8CVSS0.00334EPSS

Exploits0References4

CVE•added 5 days ago•9 views

CVE-2017-20253

Joomla! Component My Projects 2.0 is affected by an SQL injection vulnerability that allows unauthenticated attackers to craft requests to the VerAyari parameter and execute arbitrary SQL queries. The flaw can enable extraction of sensitive database information, including credentials and system d...

8.8CVSS6.2AI score0.00334EPSS

Exploits0References4

EUVD•added last week•6 views

EUVD-2026-37581

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS5.1AI score0.00437EPSS

Exploits0References3

CVE•added 2026/06/17 8:56 a.m.•9 views

CVE-2026-42357

CVE-2026-42357 describes an Incorrect Authorization vulnerability in Apache DolphinScheduler. The issue allows users to access workflow instance information for projects they should not access. Affected versions are DolphinScheduler

6.5CVSS5.2AI score0.00312EPSS

Exploits0References2Affected Software1

CVE•added 2026/06/17 8:55 a.m.•10 views

CVE-2026-41280

CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...

4.9CVSS5AI score0.00437EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/17 8:55 a.m.•25 views

CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

0.00437EPSS

Exploits0References1

Fedora•added 2026/06/13 1:13 a.m.•13 views

[SECURITY] Fedora 44 Update: composer-2.10.1-1.fc44

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

5.4AI score

Exploits0

NVD•added 2026/06/12 9:16 p.m.•9 views

CVE-2026-12130

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...

5.1CVSS0.00203EPSS

Exploits0References6