Lucene search

2475 matches found

VulnCheck KEV
added 2025/12/15 12:0 a.m., 7 views

VulnCheck KEV: CVE-2024-55963

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of...

CVSS 6.5, AI score 5.8, EPSS 0.25006
In wild, Exploits 5, References 44
Cvelist
added 2025/12/12 10:2 p.m., 21 views

CVE-2025-14582 campcodes Online Student Enrollment System index.php unrestricted upload

A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is...

CVSS 5.8, EPSS 0.00338
Exploits 1, References 6
ATTACKERKB
added 2025/12/12 10:2 p.m., 3 views

CVE-2025-14582

A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is...

CVSS 7.2, AI score 5.3, EPSS 0.00338
Exploits 1, References 6, Affected Software 1
RedhatCVE
added 2025/12/12 3:11 p.m., 3 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

CVSS 9.1, AI score 7.3, EPSS 0.00324
Exploits 0, References 1
RedhatCVE
added 2025/12/11 8:39 a.m., 9 views

CVE-2025-13954

Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allow attackers to bypass authorization checks and gain full access to the admin UI...

CVSS 9.3, AI score 5.8, EPSS 0.00162
Exploits 0, References 1
RedhatCVE
added 2025/12/10 9:16 p.m., 4 views

CVE-2021-47730

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

CVSS 8.5, AI score 6.8, EPSS 0.00213
Exploits 1, References 1
RedhatCVE
added 2025/12/10 9:16 p.m., 3 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...

CVSS 6.9, AI score 6.9, EPSS 0.00164
Exploits 0, References 1
NVD
added 2025/12/10 9:16 p.m., 8 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.8, EPSS 0.00224
Exploits 1, References 4
CVE
added 2025/12/10 9:4 p.m., 15 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 is affected by a cross-site request forgery that allows creation of administrative users via an attacker-crafted page. The root cause is insufficient request validation in the user-management flow, enabling an authenticated user to be coerced into submitt...

CVSS 8.8, AI score 6.4, EPSS 0.00224
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/12/10 9:4 p.m., 23 views

CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.6, EPSS 0.00224
Exploits 1, References 4
Vulnrichment
added 2025/12/10 9:4 p.m., 3 views

CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.6, AI score 6.4, EPSS 0.00224
Exploits 1, References 4
Cvelist
added 2025/12/10 8:53 p.m., 18 views

CVE-2020-36894 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3, EPSS 0.00696
Exploits 1, References 4
Vulnrichment
added 2025/12/10 8:53 p.m., 3 views

CVE-2020-36894 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3, AI score 6.8, EPSS 0.00696
Exploits 1, References 4
CVE
added 2025/12/10 8:48 p.m., 14 views

CVE-2020-36886

Affected product: SpinetiX Fusion Digital Signage 3.4.8. Vulnerability: Cross-site request forgery that lets an attacker create administrative accounts via a malicious page when a logged-in user visits it. Root cause: lack of proper request validation/CSRF protection on user creation. Impact: ful...

CVSS 8.8, AI score 6.4, EPSS 0.00225
Exploits 1, References 5, Affected Software 1
ATTACKERKB
added 2025/12/10 8:29 a.m., 2 views

CVE-2025-13954

Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allow attackers to bypass authorization checks and gain full access to the admin UI...

CVSS 9.3, AI score 5.8, EPSS 0.00162
Exploits 0, References 3
RedhatCVE
added 2025/12/10 6:26 a.m., 16 views

CVE-2025-13071

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, AI score 6.1, EPSS 0.00186
Exploits 0, References 1
Positive Technologies
added 2025/12/10 12:0 a.m., 4 views

PT-2025-50521

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.6, AI score 6.8, EPSS 0.00224
Exploits 1, References 6
Positive Technologies
added 2025/12/10 12:0 a.m., 4 views

PT-2025-50515

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3, AI score 7.2, EPSS 0.00696
Exploits 1, References 6
EUVD
added 2025/12/09 9:31 p.m., 4 views

EUVD-2021-34739

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

CVSS 8.5, AI score 6.3, EPSS 0.00213
Exploits 1, References 6
OSV
added 2025/12/09 9:15 p.m., 3 views

CVE-2021-47730

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

CVSS 8.8, AI score 5.7, EPSS 0.00213
Exploits 1, References 5