CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

NVD•added yesterday•5 views

CVE-2026-56032

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

9.8CVSS

Exploits0References1

EUVD•added 2026/06/15 8:18 p.m.•7 views

EUVD-2026-36807

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References1

Tenable Nessus•added 2026/02/21 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-24122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires befo...

3.7CVSS5.4AI score0.00197EPSS

Exploits2References3

UbuntuCve•added 2026/01/10 7:16 a.m.•5 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS5.9AI score0.00077EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 12:38 p.m.•8 views

CVE-2023-29839

A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

5.4CVSS5.9AI score0.00663EPSS

Exploits1References1

Vulnrichment•added 2025/02/25 8:4 p.m.•8 views

CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

2.7CVSS4.3AI score0.00346EPSS

Exploits0References2

Positive Technologies•added 2025/01/14 12:0 a.m.•2 views

PT-2025-1278 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.0.4 and earlier Description: The issue is a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction,...

7.8CVSS7.8AI score0.00259EPSS

Exploits0References7

Cvelist•added 2024/06/06 9:35 p.m.•30 views

CVE-2024-36775

A cross-site scripting XSS vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page...

0.00333EPSS

Exploits1References1

CNNVD•added 2021/07/06 12:0 a.m.•3 views

Monstra CMS 跨站脚本漏洞

Monstra is a lightweight content management system CMS. A cross-site scripting vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the page function in admin/index.php...

5.4CVSS5.1AI score0.01885EPSS

Exploits1References2