CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

ATTACKERKB•added 2026/04/12 12:28 p.m.•4 views

CVE-2019-25699

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

7.1CVSS5.9AI score0.00012EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/04/12 12:0 a.m.•3 views

PT-2026-32164

7.1CVSS5.9AI score0.00012EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2006-0864

Malware in sbrugna...

5CVSS6.4AI score0.00647EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-13645

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00274EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-28128

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.0014EPSS

Exploits1References1

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2022-24585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or...

5.4CVSS5.7AI score0.00206EPSS

Exploits1References2

CNNVD•added 2025/08/05 12:0 a.m.•2 views

pybbs 代码注入漏洞

pybbs is a community platform for Java development by iuiu individual developers. A code injection vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from improper handling of the parameter Username in the file /admin/comment/list, which could lead to a cross-site scripting...

5.4CVSS4.8AI score0.00215EPSS

Exploits1References7

OSV•added 2025/06/26 4:15 p.m.•2 views

CVE-2025-6702

A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has...

5.3CVSS6.5AI score

Exploits0References5

RedhatCVE•added 2025/05/22 4:29 p.m.•5 views

CVE-2020-21013

emlog v6.0.0 contains a SQL injection via /admin/comment.php...

7.2CVSS7.9AI score0.00255EPSS

Exploits1

Vulnrichment•added 2025/05/15 7:33 p.m.•5 views

CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting

Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...

4.8CVSS5.7AI score0.0014EPSS

Exploits1References1

Cvelist•added 2025/05/15 7:33 p.m.•8 views

CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting

4.8CVSS0.0014EPSS

Exploits1References1

CVE•added 2025/05/15 7:33 p.m.•31 views

CVE-2025-47786

CVE-2025-47786 affects Emlog 2.5.13. The vulnerability is a stored cross-site scripting issue in /admin/comment.php where the unvalidated parameter perpage_num is stored in the database (admin_commend_perpage_num) and the output is not filtered, allowing a registered user to inject JavaScript tha...

4.8CVSS5.7AI score0.0014EPSS

Exploits1References1Affected Software1

CNNVD•added 2025/05/15 12:0 a.m.•1 views

emlog 跨站脚本漏洞

emlog is emlog open source a PHP and MySQL based CMS site building system. A cross-site scripting vulnerability exists in emlog version 2.5.13, which originates from the unvalidated perpagenum parameter in /admin/comment.php, and could lead to a stored cross-site scripting attack...

4.8CVSS5.8AI score0.0014EPSS

Exploits1References1

NVD•added 2025/05/06 9:16 p.m.•15 views

CVE-2025-44073

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admincommentnews.php...

9.8CVSS0.00274EPSS

Exploits1References1

CVE•added 2025/05/06 12:0 a.m.•56 views

CVE-2025-44073

SeaCMS v13.3 is affected by a SQL injection in the admin_comment_news.php component. The vulnerability allows unauthenticated, network-based exploitation with high impact on confidentiality, integrity, and availability (CVSS 3.1: 9.8, CRITICAL). Root cause details are not elaborated beyond the SQ...

9.8CVSS7.9AI score0.00274EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2025/05/06 12:0 a.m.•3 views

PT-2025-19959 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin comment news.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin comment...

9.8CVSS7.3AI score0.00274EPSS

Exploits1References6

NVD•added 2022/09/09 2:15 p.m.•10 views

CVE-2022-38274

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...

7.2CVSS0.00346EPSS

Exploits1References1

OSV•added 2022/09/09 2:15 p.m.•13 views

CVE-2022-38274

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...

7.2CVSS8AI score

Exploits0References1