81 matches found

CNNVD
added 2026/05/11 12:0 a.m. | 4 views

WeGIA Information Disclosure Vulnerability

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained an information leakage vulnerability. This vulnerability stemmed from the overly detailed error messages displayed by atendido/familiardocfamiliar.php, which could lead to...

CVSS 6.9 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 2

EUVD
added 2026/03/12 2:22 p.m. | 3 views

EUVD-2026-11379

Copyparty has unexpected JavaScript execution via crafted URL to folder with .prologue.html...

CVSS 3.7 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/18 2:2 p.m. | 3 views

CVE-2026-1122 Yonyou KSOA HTTP GET Parameter work_info.jsp sql injection

A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

CVSS 7.5 | AI score 7.1 | EPSS 0.00015
Exploits: 0 | References: 4

Cvelist
added 2025/12/19 9:7 p.m. | 18 views

CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVSS 9.8 | EPSS 0.00094
Exploits: 0 | References: 3

CVE
added 2025/12/15 8:28 p.m. | 5 views

CVE-2023-53883

Webedition CMS v2.9.8.8 is affected by a remote code execution vulnerability via PHP page creation. The issue allows authenticated attackers to inject and execute system commands by placing malicious commands in the description field when creating a PHP page, enabling arbitrary command execution ...

CVSS 8.6 | AI score 8.2 | EPSS 0.00488
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/12/15 8:28 p.m. | 3 views

CVE-2023-53880

CVE-2023-53880 affects Lucee 5.4.2.17, with an authenticated reflected cross-site scripting vulnerability in administrative interface parameters. The vulnerability allows an attacker to craft payloads targeting admin pages such as server.cfm and web.cfm to inject and execute arbitrary JavaScript ...

CVSS 4.8 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 3

CVE
added 2025/11/11 12:20 a.m. | 6 views

CVE-2025-42924

Summary (CVE-2025-42924) : The issue affects SAP S/4HANA landscape, specifically the SAP E-Recruiting BSP. An unauthenticated attacker can craft malicious links that, when clicked, redirect the victim to a page controlled by the attacker (open redirect). The documented impact is low for confident...

CVSS 6.1 | AI score 6.5 | EPSS 0.00085
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/29 3:19 p.m. | 2 views

CVE-2025-34308

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.4 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 1

EUVD
added 2025/10/28 3:30 p.m. | 1 views

EUVD-2025-36513

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.1 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 4

NVD
added 2025/10/28 3:16 p.m. | 6 views

CVE-2025-34308

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/28 2:36 p.m. | 2 views

CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.1 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 3

CVE
added 2025/10/28 2:36 p.m. | 6 views

CVE-2025-34308

IPFire 2.x before 2.29 (Core Update 198) has a stored XSS via the UPDATE_VALUE parameter when updating Time Server settings. An authenticated user can submit arbitrary JavaScript to /cgi-bin/time.cgi; the value is stored and later rendered in the web interface, allowing script execution in other ...

CVSS 5.4 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/10/28 2:36 p.m. | 5 views

CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.1 | EPSS 0.00024
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/28 12:0 a.m. | 7 views

PT-2025-44167

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the UPDA...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2003-1323

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.01223
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-2325

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00369
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2007-4410

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 5

Positive Technologies
added 2025/10/05 12:0 a.m. | 2 views

PT-2025-40826

Name of the Vulnerable Software and Affected Versions: Tipray Data Leakage Prevention System version 1.0. Description: A flaw exists in Tipray Data Leakage Prevention System. Specifically, manipulation of the sort argument within the findFileServerPage function, accessible through the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00046
Exploits: 1 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-14092

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 3.9 | EPSS 0.00132
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16792

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 3.9 | EPSS 0.0016
Exploits: 1 | References: 6