CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS

Exploits0References1

NVD•added 2026/06/15 2:16 p.m.•10 views

CVE-2016-20084

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS0.00245EPSS

Exploits0References3

OSV•added 2026/02/19 1:16 p.m.•3 views

CVE-2019-25404

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the adminname, name, and surname parameters via...

5.4CVSS5.7AI score0.00301EPSS

Exploits1References4

Positive Technologies•added 2026/02/19 12:0 a.m.•6 views

PT-2026-20807

6.4CVSS5.2AI score0.00301EPSS

Exploits1References4

Vulnrichment•added 2026/02/18 9:55 p.m.•3 views

CVE-2019-25401 Bematech Printer MP-4200 TH Denial of Service

Bematech formerly Logic Controls, now Elgin MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service...

8.7CVSS5.6AI score0.00422EPSS

Exploits0References4

NVD•added 2026/02/07 12:15 a.m.•4 views

CVE-2020-37106

Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...

5.3CVSS0.00181EPSS

Exploits0References3

RedhatCVE•added 2025/12/16 8:44 p.m.•3 views

CVE-2023-53880

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

4.8CVSS6.4AI score0.00311EPSS

Exploits0References1