
147 matches found

CNNVD
added 2026/05/10 12:0 a.m., 3 views

Moodle Cross-Site Scripting Vulnerability

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. Version 4.0 of Moodle has a cross-site scripting vulnerability. This vulnerability stems from the search parameters...

CVSS 6.1 | AI score 5.6 | EPSS 0.00116
Exploits: 1 | References: 1
OSV
added 2026/05/05 12:18 a.m., 0 views

GHSA-XHJH-PMCV-23JW Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams. Summary: The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00')...

CVSS 3.7 | AI score 5.9 | EPSS 0.00061
Exploits: 1 | References: 3
EUVD
added 2026/05/05 12:18 a.m., 0 views

EUVD-2026-25590

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams...

CVSS 3.7 | AI score 5.8 | EPSS 0.00061
Exploits: 1 | References: 2
NVD
added 2026/04/24 6:16 p.m., 0 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly...

CVSS 3.7 | EPSS 0.00061
Exploits: 1 | References: 1
Cvelist
added 2026/04/24 5:40 p.m., 28 views

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly...

CVSS 3.7 | EPSS 0.00061
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/17 12:0 a.m., 1 views

PT-2026-33401

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip search', 'startdate', 'enddate', 'username search', and 'useremail search' parameters in all versions up to, and including, 1.15.40. This is due to the WDW FM Library::validate data method calling stripslashes...

CVSS 4.9 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 9
CNNVD
added 2026/04/12 12:0 a.m., 1 views

Newsbull SQL Injection Vulnerability

Newsbull is a news website content management system developed by Gürkan Uzunca. Version 1.0.0 of Newsbull has a SQL injection vulnerability, which stems from insufficient input validation for the search parameters across multiple endpoints, potentially allowing SQL injection attacks...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 4
CNNVD
added 2026/04/07 12:0 a.m., 3 views

ChurchCRM Security Vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from uncleaned or improperly encoded dashboard search parameters, which could lead to cross-site scripting attacks...

CVSS 8.6 | AI score 5.6 | EPSS 0.00054
Exploits: 1 | References: 1
NVD
added 2026/02/01 1:15 p.m., 3 views

CVE-2021-47920

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

CVSS 5.4 | EPSS 0.00019
Exploits: 0 | References: 3
CVE
added 2026/02/01 12:15 p.m., 5 views

CVE-2021-47920

CVE-2021-47920 affects WebMO Job Manager 20.0. The vulnerability is a cross-site scripting flaw in search parameters, exploitable through the filterSearch and filterSearchType fields, enabling remote attackers to inject script code. Described impacts include non-persistent attacks such as session...

CVSS 5.4 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/01 12:15 p.m., 3 views

CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

CVSS 5.4 | AI score 5.1 | EPSS 0.00019
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/01 12:15 p.m., 3 views

CVE-2021-47920

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

CVSS 5.4 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/02/01 12:15 p.m., 5 views

EUVD-2021-34751

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

CVSS 5.4 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 3
Cvelist
added 2026/02/01 12:15 p.m., 29 views

CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

CVSS 5.4 | EPSS 0.00019
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/01 12:0 a.m., 5 views

PT-2026-5565

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external...

CVSS 5.4 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 4
CNNVD
added 2025/12/04 12:0 a.m., 1 views

Loaded Commerce Operating System Command Injection Vulnerability

Loaded Commerce is an open source e-commerce platform from Loaded Commerce, Inc. An operating system command injection vulnerability exists in Loaded Commerce version 6.6, which stems from a client-side template injection vulnerability that could lead to code execution on the server via search...

CVSS 6.9 | AI score 8 | EPSS 0.00352
Exploits: 0 | References: 4
CNVD
added 2025/11/11 12:0 a.m., 1 views

Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS 6.5 | AI score 8.4 | EPSS 0.0003
Exploits: 0 | References: 1
OSV
added 2025/11/06 8:15 p.m., 1 views

CVE-2025-34246

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 3
OSV
added 2025/11/06 8:15 p.m., 1 views

CVE-2025-34245

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45361

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/VPN versions prior to 1.1.5. Description: The software contains a SQL injection issue in the AjaxFwRulesController.ajaxDeviceFwRulesAction function. An authenticated, low-privileged user can inject SQL code through datatable...

CVSS 5.3 | AI score 7.8 | EPSS 0.0003
Exploits: 0 | References: 5