CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

241 matches found

EUVD-2018-21931

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00043EPSS

Exploits0References4

CNNVD•added 4 days ago•3 views

SIM-PKH 代码问题漏洞

SIM-PKH is a community-based poverty alleviation data management system developed by Insan Sutejo. Version 2.4.1 of SIM-PKH has code vulnerabilities. These vulnerabilities arise from submitting PHP code via the fupload parameter. This may allow authenticated attackers to upload malicious files,...

8.8CVSS5.9AI score0.00043EPSS

Exploits0References4

Positive Technologies•added 4 days ago•6 views

PT-2026-45109

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi pengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00043EPSS

Exploits0References5

NVD•added 2026/04/29 4:16 p.m.•1 views

CVE-2025-56534

A cross-site scripting XSS vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00032EPSS

Exploits2References2

Positive Technologies•added 2026/03/15 12:0 a.m.•1 views

PT-2026-25717

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

6.1CVSS6AI score0.00055EPSS

Exploits1References5

OSV•added 2026/02/16 6:19 p.m.•0 views

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

6.1CVSS5.9AI score0.00042EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 12:40 p.m.•6 views

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

5.4CVSS6AI score0.0027EPSS

Exploits1References1

CNNVD•added 2025/12/29 12:0 a.m.•2 views

MachSol MachPanel 安全漏洞

MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from mishandling of specially crafted PDF files and could lead to the execution of arbitrary web script or HTML...

6.1CVSS6AI score0.0002EPSS

Exploits0References3

CNVD•added 2025/12/12 12:0 a.m.•2 views

MailEnable FieldTo Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6.2AI score0.00011EPSS

Exploits0References1

Snyk•added 2025/10/23 6:31 p.m.•4 views

Cross-site Scripting (XSS)

Overview Piranha.Manager is a manager panel for Piranha CMS for AspNetCore. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the /manager/pages component when user-supplied input is injected into Markdown blocks. An attacker can execute arbitrary web scripts or HTML...

6.1CVSS5.3AI score0.00045EPSS

Exploits1References2

CNVD•added 2025/10/21 12:0 a.m.•2 views

D-Link Nuclias Connect Cross-Site Scripting Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

5.4CVSS6.2AI score0.00009EPSS

Exploits0References1

CNVD•added 2025/10/17 12:0 a.m.•3 views

Centreon cross-site scripting vulnerability (CNVD-2025-24648)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

6.8CVSS7.1AI score0.0002EPSS

Exploits0References1

CNNVD•added 2025/10/14 12:0 a.m.•2 views

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon cross-site scripting vulnerability , the vulnerability stems from the lack of effective...

6.8CVSS6.2AI score0.0002EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2005-0803

Malware in sbrugna...

4.3CVSS6.4AI score0.00809EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2004-1128

Malware in sbrugna...

6.8CVSS6.4AI score0.01009EPSS

Exploits0References5