CVE-2026-44833
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via an unvalidated HTTP Referer header stored in a session variable. This vulnerability is fixed in 8.4.1...
Akıllı E-Commerce Website SQL Injection Vulnerability
Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained a SQL injection vulnerability. This vulnerability stemmed from improper...
CVE-2026-26015
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
web-vulnerability-scanner
web-vulnerability-scanner This Reposito...
CVE-2026-22414
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Marra marra allows PHP Local File Inclusion. This issue affects Marra: from n/a through = 1.2...
CVE-2026-28130 WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign u-design allows Reflected XSS. This issue affects UDesign: from n/a through <= 4.14.0...
CVE-2026-28128
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion. This issue affects Verse: from n/a through = 1.7.0...
CVE-2026-27335 WordPress Ekoterra - NonProfit, Green Energy & Ecology Theme theme <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion. This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: fr...
GO-2026-4445 Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) in github.com/bishopfox/sliver
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) in github.com/bishopfox/sliver...
CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability...
CVE-1999-0509
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands...
CVE-2023-53925
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...
WordPress plugin Feedback Modal for Website Security Vulnerability
...
Responsive Hotel Site reservation.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/reservation.php. An attacker can exploit this vulnerabilit...
CVE-2025-11410
Affects Campcodes Advanced Online Voting Management System 1.0. The vulnerability lies in the /admin/voters_add.php endpoint where manipulating the firstname argument can cause a SQL injection. It is remotely exploitable and an exploit has been published; other parameters may be affected. Remedia...
EUVD-2020-10896
Malware in sbrugna...
EUVD-1999-0360
Malware in sbrugna...
EUVD-2004-1714
Malware in sbrugna...
EUVD-2025-19361
Malicious code in bioql PyPI...