CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin...

5.4CVSS5.5AI score0.00313EPSS

Exploits1References2

Packet Storm•added 2025/08/12 12:0 a.m.•184 views

📄 WebsiteBaker 2.13.7 r164 Command Injection

WebsiteBaker version 2.13.7 r164 suffers from an authenticated command injection vulnerability. Exploit Title: WebsiteBaker 2.13.7 r164 Command Injection Authenticated Exploit Author: tmrswrr /Hulya KARABAG Vendor Homepage: https://forum.websitebaker.org/ Software Link:...

7.8AI score

Exploits0

vulnersOsv•added 2025/06/22 10:40 p.m.•3 views

de.chandre.admin-tools:admin-tools-dbbrowser (>=1.1.1 <=1.1.7.3), de.chandre.admin-tools:admin-tools-filebrowser (>=1.1.1 <=1.1.7.3) +3 more potentially affected by CVE-2025-6493 via org.webjars.bower:codemirror (>=3.23.0 <=5.58.2)

org.webjars.bower:codemirror MAVEN version =3.23.0, =1.1.1, =1.1.1, =3.4.3, =3.4.4 - org.webjars.bower:mergely =3.3.6 Source cves: CVE-2025-6493 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-10494097...

6.9CVSS6AI score0.00308EPSS

Exploits0

RedhatCVE•added 2025/05/23 5:0 a.m.•8 views

CVE-2023-51790

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...

6.1CVSS6.1AI score0.0033EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:26 a.m.•2 views

CVE-2023-27271

In SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability...

7.5CVSS6.8AI score0.00347EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:40 p.m.•5 views

CVE-2022-28074

Halo-1.5.0 was discovered to contain a stored cross-site scripting XSS vulnerability via \admin\index.html/system/tools...

4.8CVSS5.9AI score0.00219EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:11 p.m.•5 views

CVE-2020-11823

In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...

5.4CVSS5.7AI score0.00313EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:33 a.m.•5 views

CVE-2015-9401

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php editstyle id XSS...

4.8CVSS7.1AI score0.00279EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:10 a.m.•8 views

CVE-2017-1000213

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...

4.8CVSS5.8AI score0.00235EPSS

Exploits0References1