CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

147 matches found

Prion•added 2023/11/13 4:15 p.m.•14 views

Cross site request forgery (csrf)

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/task/add...

6.8CVSS7.8AI score0.00364EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2023/11/13 12:0 a.m.•8 views

CVE-2023-48058

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/task/run...

7.7AI score0.00364EPSS

Exploits1References1

NVD•added 2023/10/17 2:15 p.m.•16 views

CVE-2023-45906

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/user/add...

8.8CVSS8.9AI score0.00324EPSS

Exploits1References1

NVD•added 2023/10/17 2:15 p.m.•9 views

CVE-2023-45905

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/variable/add...

8.8CVSS8.9AI score0.00324EPSS

Exploits1References1

Positive Technologies•added 2023/10/17 12:0 a.m.•4 views

PT-2023-29756 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/attachment/delete". This issue allows for unauthorized requests to be made on behalf of a user. Recommendations: For Dreame...

8.8CVSS6.7AI score0.00324EPSS

Exploits1References8

OSV•added 2023/09/27 3:19 p.m.•29 views

CVE-2023-43857

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting XSS vulnerability via the component /admin/u/toIndex...

5.4CVSS5.9AI score0.00386EPSS

Exploits1References1

NVD•added 2023/07/13 4:15 p.m.•16 views

CVE-2023-37744

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-booking-request.php...

6.1CVSS0.00314EPSS

Exploits0References1

NVD•added 2023/07/13 4:15 p.m.•12 views

CVE-2023-37745

A cross-site scripting XSS vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component...

6.1CVSS0.00314EPSS

Exploits0References1

Prion•added 2023/07/13 4:15 p.m.•17 views

Cross site scripting

5.8CVSS5.9AI score0.00314EPSS

Exploits0References1Affected Software1

Prion•added 2023/07/13 4:15 p.m.•14 views

Cross site scripting

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-booking-request.php...

5.8CVSS6AI score0.00314EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/07/13 12:0 a.m.•14 views

CVE-2023-37744

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-booking-request.php...

6.2AI score0.00314EPSS

Exploits0References1

Cvelist•added 2023/07/13 12:0 a.m.•12 views

CVE-2023-37746

A cross-site scripting XSS vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component...

6AI score0.00314EPSS

Exploits0References1

NVD•added 2023/06/21 8:15 p.m.•19 views

CVE-2023-33591

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-result.php...

6.1CVSS6.1AI score0.00312EPSS

Exploits0References2

OSV•added 2023/06/20 3:31 p.m.•12 views

GHSA-6VF2-MFMR-QQQW Liufee CMS File Upload vulnerability

File Upload vulnerability in Liufee CMS, AKA Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...

9.8CVSS9.6AI score0.01303EPSS

Exploits1References4

Github Security Blog•added 2023/06/20 3:31 p.m.•22 views

Liufee CMS File Upload vulnerability

File Upload vulnerability in Liufee CMS, AKA Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...

9.8CVSS7.8AI score0.01303EPSS

Exploits1References4Affected Software1

Prion•added 2023/06/20 3:15 p.m.•13 views

Unrestricted file upload

File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...

7.5CVSS9.6AI score0.01303EPSS

Exploits1References1Affected Software1

Prion•added 2023/05/05 12:15 p.m.•13 views

Sql injection

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/addikev2.php...

7.5CVSS9.7AI score0.00731EPSS

Exploits0References3Affected Software1

Zero Day Initiative•added 2022/10/14 12:0 a.m.•29 views

Adobe ColdFusion Admin Component Use of Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Admin Component service. The service uses a hard-coded password for the administrato...

6.5CVSS3.1AI score0.44021EPSS

Exploits0References1

Prion•added 2022/10/12 12:15 a.m.•22 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the /admin/adminpic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

5.8CVSS7.3AI score0.01047EPSS

Exploits1References1Affected Software1

CNVD•added 2022/09/28 12:0 a.m.•16 views

Wedding Planner client_assign.php SQL Injection Vulnerability

Wedding Planner is a wedding planner project by pushpam abhishek. Designed to provide users with an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally...

8.8CVSS8.8AI score0.00826EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by