CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-26861

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00777EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-26864

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00777EPSS

RedhatCVE•added 2025/05/22 4:37 a.m.•4 views

CVE-2019-15814

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML...

5.4CVSS5.8AI score0.00188EPSS

Exploits5References1

CVE-2024-29878

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

6.1CVSS5.8AI score

NVD•added 2024/03/21 2:15 p.m.•11 views

CVE-2024-29878

7.1CVSS6.2AI score0.00092EPSS

6.1CVSS5.8AI score0.00079EPSS

CVE-2024-29879

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

NVD•added 2024/03/21 2:15 p.m.•8 views

CVE-2024-29875

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sortname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it...

9.8CVSS5.9AI score0.00777EPSS

CVE-2024-29875

NVD•added 2024/03/21 2:15 p.m.•8 views

CVE-2024-29873

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it...

CVE-2024-29873

9.8CVSS5.9AI score

NVD•added 2024/03/21 2:15 p.m.•10 views

CVE-2024-29872

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it...

CVE-2024-29870

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'businessid' parameter. The exploitation of this vulnerability could allow a remote user to send a speciall...

9.8CVSS5.9AI score

NVD•added 2024/03/21 2:15 p.m.•10 views

CVE-2024-29870

9.8CVSS9.7AI score0.00801EPSS

CVE•added 2024/03/21 1:51 p.m.•51 views

CVE-2024-29879

CVE-2024-29879 describes a Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2. The flaw arises in the business_id parameter of the URL path /sentrifugo/index.php/index/getdepartments/format/html, where insufficient input filtering/escaping enables injection of arbitrary script code. Impac...

7.1CVSS6.3AI score0.00079EPSS

Exploits0References1Affected Software1

CVE•added 2024/03/21 1:50 p.m.•55 views

CVE-2024-29877

Sentrifugo 3.2 is affected by a Cross-Site Scripting (XSS) vulnerability in the endpoint /sentrifugo/index.php/expenses/expensecategories/edit, via the expense_category_name parameter. The issue arises from insufficient input filtering/escaping, enabling a remote attacker to craft a URL that coul...

7.1CVSS6.3AI score0.00079EPSS

Exploits0References1Affected Software1

CVE•added 2024/03/21 1:48 p.m.•55 views

CVE-2024-29875

Summary: CVE-2024-29875 concerns a SQL injection in Sentrifugo 3.2 via the sort_name parameter in /sentrifugo/index.php/default/reports/exportactiveuserrpt. Several connected sources corroborate the flaw and its impact of potentially exposing all data. The available documents do not specify a fix...