
1747 matches found

NVD
added 2026/02/19 11:16 p.m. | 13 views

CVE-2026-26952

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...

5.4 CVSS | 0.0024 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/02/19 10:50 p.m. | 4 views

CVE-2026-26953

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...

5.4 CVSS | 6.2 AI score | 0.00294 EPSS
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/02/19 10:50 p.m. | 4 views

CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...

5.4 CVSS | 6.2 AI score | 0.00294 EPSS
Exploits 1 | References 3

ATTACKERKB
added 2026/02/19 10:43 p.m. | 4 views

CVE-2026-26952

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...

5.4 CVSS | 5.7 AI score | 0.0024 EPSS
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-20961

Name of the Vulnerable Software and Affected Versions: Pi-hole versions 6.0 through 6.4.0. Description: Pi-hole Admin Interface, a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application, contains a Stored HTML Injection issue in the active sessions table on...

5.4 CVSS | 5.9 AI score | 0.00294 EPSS
Exploits 1 | References 8

Packet Storm
added 2026/02/19 12:0 a.m. | 138 views

SofaWiki 3.9.2 Shell Upload

This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024. Title: SofaWiki...

5.6 AI score
Exploits 0

Packet Storm
added 2026/02/16 12:0 a.m. | 136 views

Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload

Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit. Title: Precurio Intranet Portal 4.4...

5 AI score
Exploits 0

EUVD
added 2026/02/15 1:58 p.m. | 5 views

EUVD-2019-19411

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...

5.4 CVSS | 5.3 AI score | 0.00165 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/02/15 1:58 p.m. | 4 views

CVE-2019-25367 ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...

5.4 CVSS | 5.2 AI score | 0.00165 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/02/15 12:0 a.m. | 9 views

PT-2026-8239

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScrip...

5.4 CVSS | 5.2 AI score | 0.00165 EPSS
Exploits 0 | References 4

NVD
added 2026/02/11 3:16 p.m. | 7 views

CVE-2019-25314

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

5.5 CVSS | 0.00207 EPSS
Exploits 0 | References 5

NVD
added 2026/02/11 3:16 p.m. | 4 views

CVE-2019-25315

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

6.4 CVSS | 0.00184 EPSS
Exploits 0 | References 3

OSV
added 2026/02/11 3:16 p.m. | 3 views

CVE-2019-25315

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

6.4 CVSS | 5.8 AI score | 0.00184 EPSS
Exploits 0 | References 3

Cvelist
added 2026/02/11 2:56 p.m. | 27 views

CVE-2019-25315 WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

6.4 CVSS | 0.00184 EPSS
Exploits 0 | References 3

Cvelist
added 2026/02/11 2:56 p.m. | 25 views

CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

5.5 CVSS | 0.00207 EPSS
Exploits 0 | References 5

CVE
added 2026/02/11 2:56 p.m. | 13 views

CVE-2019-25315

The CVE concerns WordPress Server Log Viewer 1.0, where a persistent XSS vulnerability exists through unfiltered log file paths. Attackers can create log files containing embedded XSS payloads that execute when viewed in the WordPress admin interface. The description provides CVSSv3.1/4.0 metrics...

6.4 CVSS | 5.1 AI score | 0.00184 EPSS
Exploits 0 | References 3

CNNVD
added 2026/02/11 12:0 a.m. | 5 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from an authorization bypass in the Admin API. This vulnerability may lead to information leakage...

3.1 CVSS | 5.8 AI score | 0.00275 EPSS
Exploits 0 | References 4

CNNVD
added 2026/02/11 12:0 a.m. | 5 views

WordPress plugin Yoast Duplicate Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.5 CVSS | 5.9 AI score | 0.00207 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7609

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

6.4 CVSS | 5.1 AI score | 0.00184 EPSS
Exploits 0 | References 4

GithubExploit
added 2026/02/06 2:44 a.m. | 151 views

Exploit for CVE-2025-70886

CVE-2025-70886 A Proof of Concept PoC exploit f...

5.4 AI score | 0.00441 EPSS
Exploits 2