CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

RedhatCVE•added 2026/06/06 6:43 p.m.•13 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS5.3AI score0.01044EPSS

Exploits0References1

GithubExploit•added 2026/05/30 7:8 p.m.•87 views

Exploit for Improper Access Control in Papercut Papercut_Mf

CVE-2023-27350 — PaperCut NG/MF Authentication Bypass & RCE S...

9.8CVSS8.1AI score0.99999EPSS

Exploits24

NVD•added 2026/05/29 4:16 p.m.•9 views

CVE-2018-25396

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS0.00313EPSS

Exploits0References2

CNNVD•added 2026/05/29 12:0 a.m.•8 views

Heatmiser Wifi Thermostat 安全漏洞

The Heatmiser Wifi Thermostat is a smart temperature control device from the British company Heatmiser, capable of wireless connection and remote control. Version 1.7 of the Heatmiser Wifi Thermostat contains a security vulnerability. This vulnerability stems from accessing the networkSetup.htm...

8.7CVSS5.8AI score0.00313EPSS

Exploits0References2

CNNVD•added 2026/05/20 12:0 a.m.•6 views

WordPress plugin Anomify AI 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00168EPSS

Exploits0References1

Vulnrichment•added 2026/05/10 12:43 p.m.•6 views

CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...

6.4CVSS5.6AI score0.00193EPSS

Exploits0References4

Positive Technologies•added 2026/05/10 12:0 a.m.•6 views

PT-2026-39503

6.4CVSS5.6AI score0.00193EPSS

Exploits0References5

RedhatCVE•added 2026/04/23 8:38 p.m.•2 views

CVE-2026-41459

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS5.8AI score0.00801EPSS

Exploits1References1

EUVD•added 2026/04/22 9:32 p.m.•6 views

EUVD-2026-25073

6.9CVSS5.8AI score0.00801EPSS

Exploits1References6

NVD•added 2026/04/22 7:17 p.m.•2 views

CVE-2026-41459

6.9CVSS0.00801EPSS

Exploits1References6

ATTACKERKB•added 2026/04/22 6:32 p.m.•2 views

CVE-2026-41459

6.9CVSS5.8AI score0.00801EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2026/04/22 6:32 p.m.•3 views

CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup

6.9CVSS5.8AI score0.00801EPSS

Exploits1References6

Cvelist•added 2026/04/22 6:32 p.m.•29 views

CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup

6.9CVSS0.00801EPSS

Exploits1References6

CNNVD•added 2026/04/22 12:0 a.m.•6 views

WordPress plugin Kcaptcha 跨站请求伪造漏洞

4.3CVSS5.8AI score0.00178EPSS

Exploits0References2

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-34539

6.9CVSS5.8AI score0.00801EPSS

Exploits1References8

CNNVD•added 2026/04/22 12:0 a.m.•7 views

Xerte Online Toolkits 安全漏洞

Xerte Online Toolkits is an online learning content creation platform provided by Xerte Ltd. in the UK. Versions of Xerte Online Toolkits 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from the unvalidated user-accessible /setup page, which allowed access to the...

6.9CVSS5.8AI score0.00801EPSS

Exploits1References2

Github Security Blog•added 2026/04/04 6:8 a.m.•4 views

Directus: Open Redirect in Admin 2FA Setup Page

Summary Directus is vulnerable to an Open Redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication 2FA visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing t...

4.3CVSS5.9AI score0.00256EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/02/19 12:0 a.m.•2 views

WordPress plugin PostmarkApp Email Integrator 跨站脚本漏洞

4.4CVSS5.8AI score0.00244EPSS

Exploits0References5

Metasploit•added 2026/02/16 6:59 p.m.•289 views

ChurchCRM Unauthenticated RCE via Setup Page

ChurchCRM use exploit/multi/http/churchcrminstallunauthrce msf exploitchurchcrminstallunauthrce show targets ...targets... msf exploitchurchcrminstallunauthrce set TARGET msf exploitchurchcrminstallunauthrce show options ...show and set options... msf exploitchurchcrminstallunauthrce exploit This...

10CVSS6.4AI score0.04151EPSS

Exploits3

Packet Storm•added 2026/02/16 12:0 a.m.•126 views

📄 ChurchCRM 6.8.0 Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the installation process of ChurchCRM versions 6.8.0 and earlier. By sending a specially crafted POST request to the setup page, an attacker can execute arbitrary commands on the target server. This Metasplo...

10CVSS7AI score0.04151EPSS

Exploits3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by