CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 8 hours ago•3 views

EUVD-2019-20173

Vulnrichment•added 8 hours ago•3 views

CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

Cvelist•added 8 hours ago•4 views

CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting

7.2CVSS

CVE•added 8 hours ago•6 views

CVE-2019-25737

Live Chat Unlimited 2.8.3 is affected by a stored cross-site scripting (XSS) vulnerability. Unauthenticated attackers can inject malicious scripts via the chat input field, which can execute in the admin area and may lead to cookie theft or forced redirects to malicious sites. CVSS data from the ...

Positive Technologies•added 21 hours ago•4 views

PT-2026-46207

CVE•added 2026/05/19 8:38 p.m.•11 views

Exploits0References5

CVE-2026-34233

CVE-2026-34233 affects CtrlPanel, an open-source billing app. In versions ≤1.1.1, multiple admin controllers expose DataTable endpoints that can be reached via GET and lack any authorization checks. Despite routes living under the /admin/ prefix, the route group middleware does not enforce admin-...

6.5CVSS5.7AI score0.00032EPSS

RedhatCVE•added 2026/05/16 1:56 a.m.•6 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

NVD•added 2026/05/14 9:16 p.m.•5 views

CVE-2026-42847

7.1CVSS0.00034EPSS

Vulnrichment•added 2026/05/14 8:45 p.m.•4 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cvelist•added 2026/05/14 8:45 p.m.•25 views

CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.1CVSS0.00034EPSS

CVE•added 2026/05/14 8:45 p.m.•7 views

CVE-2026-42847

CVE-2026-42847 affects ClipBucket v5 prior to 5.5.3 - #122. The vulnerability is a SQL injection in the authenticated admin endpoint admin_area/action_logs.php, where the GET parameter $_GET['type'] is read, stored, and concatenated into a SQL WHERE condition on action_type in fetch_action_logs()...

CNNVD•added 2026/05/14 12:0 a.m.•6 views

ClipBucket SQL注入漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 – version 122 – contained a SQL injection vulnerability. This vulnerability occurred due to the lack of parameterization of the...

Vulnrichment•added 2026/04/22 7:45 a.m.•0 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00012EPSS

Exploits0References17

CVE•added 2026/04/22 7:45 a.m.•5 views

CVE-2026-4090

Technical details beyond the CVE entry are not provided in the connected documents. Monitor for updates on affected plugin versions and remediation status.

6.1CVSS5.7AI score0.00012EPSS

Exploits0References17

Positive Technologies•added 2026/04/22 12:0 a.m.•5 views

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00012EPSS

Exploits0References19

OSV•added 2026/04/10 8:49 a.m.•0 views

BIT-JOOMLA-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00001EPSS

Vulnrichment•added 2026/04/08 11:0 p.m.•3 views

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00043EPSS

Exploits0References5

RedhatCVE•added 2026/04/02 10:53 a.m.•1 views

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00001EPSS

EUVD•added 2026/04/01 12:31 p.m.•0 views

EUVD-2026-17853

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

6.3CVSS5.8AI score0.00001EPSS