Lucene search
129 matches found

RedhatCVE
added 2026/06/11 2:59 p.m. | 13 views

CVE-2026-41003

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10;...

CVSS 7.6 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1

Snyk
added 2026/06/10 1:13 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the RelyingPartyRegistration function. An attacker can execute arbitrary scripts in the...

CVSS 7.6 | AI score 5.3 | EPSS 0.00204
Exploits: 0 | References: 2

EUVD
added 2026/04/12 3:30 p.m. | 3 views

EUVD-2019-20139

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

CVSS 5.3 | AI score 5.7 | EPSS 0.00129
Exploits: 1 | References: 3

NVD
added 2026/04/12 1:16 p.m. | 2 views

CVE-2019-25708

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

CVSS 5.3 | EPSS 0.00129
Exploits: 1 | References: 2

Patchstack
added 2026/03/27 11:24 a.m. | 4 views

WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability

Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FormLift for Infusionsoft Web Forms versions <= 7.5.21...

CVSS 5.3 | AI score 5.9 | EPSS 0.00473
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/02/25 6:47 p.m. | 4 views

DRUPAL-CONTRIB-2026-015

This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...

CVSS 6.5 | AI score 5.7 | EPSS 0.00268
Exploits: 0 | References: 1

Drupal
added 2026/02/25 12:0 a.m. | 12 views

CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015

This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...

CVSS 6.5 | AI score 5.5 | EPSS 0.00268
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/25 12:0 a.m. | 7 views

PT-2026-22086

Name of the Vulnerable Software and Affected Versions: Drupal CAPTCHA versions 0.0.0 through 1.16.9; Drupal CAPTCHA versions 2.0.0 through 2.0.9. Description: A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on...

CVSS 6.5 | AI score 5.9 | EPSS 0.00268
Exploits: 0 | References: 5

ATTACKERKB
added 2026/01/29 2:28 p.m. | 4 views

CVE-2020-37007

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...

CVSS 5.3 | AI score 5.8 | EPSS 0.00162
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/01/29 2:28 p.m. | 32 views

CVE-2020-37007 Liman 0.7 - Cross-Site Request Forgery (Change Password)

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...

CVSS 5.3 | EPSS 0.00162
Exploits: 1 | References: 3

Packet Storm News
added 2025/12/28 12:0 a.m. | 4 views

Breaking the Illusion: Automated Reasoning of GDPR Consent Violations

Recent privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have established legal requirements for obtaining user consent regarding the collection, use, and sharing of personal data. These regulations emphasize that consent must be...

AI score 6.8
Exploits: 0

RedhatCVE
added 2025/12/24 7:36 p.m. | 3 views

CVE-2021-47722

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...

CVSS 5.1 | AI score 6.7 | EPSS 0.00176
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/17 4:31 a.m. | 2 views

CVE-2025-13861 HTML Forms – Simple WordPress Forms Plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting

The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...

CVSS 6.1 | AI score 5 | EPSS 0.00215
Exploits: 0 | References: 4

Packet Storm News
added 2025/11/10 12:0 a.m. | 5 views

Wapiti Web Application Vulnerability Scanner 3.2.9 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

AI score 7.2
Exploits: 0

Positive Technologies
added 2025/11/08 12:0 a.m. | 8 views

PT-2025-45548

Name of the Vulnerable Software and Affected Versions: HTML Forms – Simple WordPress Forms Plugin versions up to and including 1.5.5. Description: The software contains a flaw that allows an attacker with administrator-level permissions to inject malicious web scripts into pages. This is due to...

CVSS 4.4 | AI score 6.3 | EPSS 0.00168
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-1353

Malware in sbrugna...

CVSS 6.5 | AI score 5.5 | EPSS 0.01124
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2003-1272

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01373
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-25641

Malware in sbrugna...

CVSS 9 | AI score 8.3 | EPSS 0.04614
Exploits: 3 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-4102

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01871
Exploits: 1 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2013-3705

Malware in sbrugna...

CVSS 4.3 | AI score 6.3 | EPSS 0.0138
Exploits: 0 | References: 8