CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1225 matches found

CVE•added 2026/02/22 1:18 p.m.•9 views

CVE-2019-25443

Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...

8.8CVSS6.3AI score0.00132EPSS

Exploits0References2

ATTACKERKB•added 2026/02/22 1:18 p.m.•3 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS6.3AI score0.00132EPSS

Exploits0References2

CNNVD•added 2026/02/22 12:0 a.m.•4 views

Inventory Webapp SQL注入漏洞

Inventory Webapp is a browser-based inventory management system developed by Inventory Company. The Inventory Webapp has a SQL injection vulnerability, which stems from SQL injections in GET parameters. This vulnerability could allow unverified attackers to manipulate database queries...

8.8CVSS5.9AI score0.00132EPSS

Exploits0References2

vulnersOsv•added 2026/02/19 3:18 p.m.•5 views

@budibase/server (>=3.32.1 <=3.38.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=0.6.6 <=2.1.0) +53 more potentially affected by CVE-2026-27122 via svelte (>=5.0.0-next.1 <=5.51.2)

svelte NPM version =5.0.0-next.1, =3.32.1, =0.6.6, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.0, =0.0.1, =1.3.0, =0.1.4, =0.0.20, =0.15.0, =1.1.0-beta.0, =5.0.0-next.80, =0.1.1-alpha.24, =0.1.3-next.2 and more Source cves: CVE-2026-27122 Source advisory: SNYK:JS-SVELTE-15322733...

5.4CVSS5.4AI score0.00011EPSS

Exploits0

VulnCheck KEV•added 2026/01/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2025-55749

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials...

8.7CVSS5.8AI score0.00969EPSS

In wildExploits0References2

RedhatCVE•added 2026/01/09 9:33 a.m.•3 views

CVE-2024-41618

Money Manager EX WebApp web-money-manager-ex 1.2.2 is vulnerable to SQL Injection in the transactiondeletegroup function. The vulnerability is due to improper sanitization of user input in the TrDeleteArr parameter, which is directly incorporated into an SQL query...

9.8CVSS8AI score0.00142EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:14 a.m.•12 views

CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

4.4CVSS6.3AI score0.00063EPSS

Exploits0References1

NVD•added 2025/12/24 8:15 p.m.•6 views

CVE-2019-25234

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious...

5.3CVSS0.00016EPSS

Exploits1References3

Cvelist•added 2025/12/24 7:27 p.m.•23 views

CVE-2019-25234 Carlo Gavazzi SmartHouse Webapp 6.5.33 Cross-Site Request Forgery and XSS

5.3CVSS0.00016EPSS

Exploits1References3

Vulnrichment•added 2025/12/24 7:27 p.m.•1 views

CVE-2019-25234 Carlo Gavazzi SmartHouse Webapp 6.5.33 Cross-Site Request Forgery and XSS

5.3CVSS6.3AI score0.00016EPSS

Exploits1References3

CVE•added 2025/12/24 7:27 p.m.•7 views

CVE-2019-25234

CVE-2019-25234 affects Carlo Gavazzi SmartHouse Webapp 6.5.33. The connected documents confirm multiple vulnerabilities: cross-site request forgery (CSRF) and cross-site scripting (XSS) that could allow attackers to perform unauthorized actions by tricking logged-in users into visiting malicious ...

5.3CVSS6.3AI score0.00016EPSS

Exploits1References3

CNNVD•added 2025/12/24 12:0 a.m.•2 views

Carlo Gavazzi SmartHouse Webapp 安全漏洞

Carlo Gavazzi SmartHouse Webapp is a software platform for remote management of smart home devices from Carlo Gavazzi, USA. A security vulnerability exists in Carlo Gavazzi SmartHouse Webapp version 6.5.33, which stems from the presence of multiple cross-site request forgery and cross-site...

5.3CVSS6.6AI score0.00016EPSS

Exploits1References3

Snyk•added 2025/12/18 8:46 p.m.•2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Kentico.Xperience.AspNetCore.WebApp is an assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere through the...

6.9CVSS6.9AI score0.00044EPSS

Exploits0References2

RedhatCVE•added 2025/12/08 6:11 p.m.•2 views

CVE-2025-55749

8.7CVSS6.9AI score0.00969EPSS

Exploits0References1

Redos•added 2025/12/02 12:0 a.m.•3 views

ROS-20251202-04

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to reading outside the boundaries of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to impact the availability of protected information Vulnerability in the WebApp Instal...

4.3CVSS6.4AI score0.00093EPSS

Exploits1

NVD•added 2025/12/01 9:15 p.m.•3 views

CVE-2025-55749

8.7CVSS0.00969EPSS

Exploits0References5