CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

225 matches found

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44899

SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...

5.8AI score0.00031EPSS

Exploits0References3

Vulnrichment•added 2026/04/29 7:15 p.m.•2 views

CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...

5.3CVSS3.7AI score0.00039EPSS

Exploits0References5

EUVD•added 2026/03/24 12:30 p.m.•5 views

EUVD-2019-20018

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00044EPSS

Exploits0References4

CVE•added 2026/01/16 7:37 p.m.•9 views

CVE-2026-23724

CVE-2026-23724 affects the WeGIA web manager. A Stored Cross‑Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in Attendido_idatendido f...

5.4CVSS5AI score0.0005EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/01/16 7:37 p.m.•18 views

CVE-2026-23724 WeGIA Stored Cross-Site Scripting (XSS) – atendido_idatendido Parameter on Occurrence Registration Page

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/atendido/cadastroocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the...

4.3CVSS0.0005EPSS

Exploits1References3

Cvelist•added 2026/01/16 4:44 a.m.•21 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

6.5CVSS0.00064EPSS

Exploits0References6

GithubExploit•added 2026/01/13 1:31 p.m.•121 views

odfs_rce_poc

Online Discussion Forum Site 1.0 - Remote Code Execution PoC...

7.5AI score

Exploits0

RedhatCVE•added 2026/01/09 9:49 a.m.•2 views

CVE-2020-24723

Cross Site Scripting XSS vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1...

4.8CVSS6AI score0.00389EPSS

Exploits1References1

OSV•added 2026/01/02 10:15 a.m.•2 views

CVE-2026-0547

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...

8.8CVSS5.4AI score0.00035EPSS

Exploits1References5

Vulnrichment•added 2025/12/12 3:32 p.m.•3 views

CVE-2025-14566 kidaze CourseSelectionSystem reg.php sql injection

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...

7.5CVSS7.2AI score0.00028EPSS

Exploits1References5

RedhatCVE•added 2025/10/11 8:7 p.m.•5 views

CVE-2025-11582

A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack may be initiated remotely. The exploit is now public and m...

9.8CVSS7.1AI score0.00042EPSS

Exploits1References1

CNNVD•added 2025/10/11 12:0 a.m.•1 views

Code-Projects E-Banking System SQL注入漏洞

E-Banking System is an electronic banking system. E-Banking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /register.php. An attacker can exploit this vulnerability ...

9.8CVSS8.2AI score0.00042EPSS

Exploits1References5

OSV•added 2025/10/10 8:15 p.m.•3 views

CVE-2025-11582

9.8CVSS5.8AI score0.00042EPSS

Exploits1References5

Positive Technologies•added 2025/10/10 12:0 a.m.•4 views

PT-2025-41592

Name of the Vulnerable Software and Affected Versions code-projects Online Job Search Engine version 1.0 Description A SQL injection issue exists in code-projects Online Job Search Engine 1.0. The flaw is located in the handling of the txtusername parameter within the /registration.php script...

7.5CVSS7.6AI score0.00042EPSS

Exploits1References11

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2012-3790

Malware in sbrugna...

4.3CVSS6.4AI score0.00285EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2013-6770

Malware in sbrugna...

4.3CVSS6.4AI score0.00347EPSS

Exploits0References5