CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/16 3:28 p.m.•9 views

CVE-2020-37241 bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add

CVE•added 2026/05/16 3:28 p.m.•15 views

CVE-2020-37241

CVE-2020-37241 affects bloofoxCMS 0.5.2.1 and describes a cross-site request forgery (CSRF) that enables an attacker to perform administrative actions by luring a logged-in admin to visit a malicious page. The attack can craft hidden requests targeting the admin user-creation endpoint to add new ...

ATTACKERKB•added 2026/05/16 3:28 p.m.•7 views

CVE-2020-37241

Exploits0References4Affected Software1

EUVD•added 2026/05/16 3:28 p.m.•9 views

EUVD-2020-31233

ATTACKERKB•added 2026/05/16 3:26 p.m.•7 views

CVE-2021-47981

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

5.4CVSS5.9AI score0.00178EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/16 3:26 p.m.•13 views

EUVD-2021-34836

5.4CVSS5.9AI score0.00178EPSS

CVE•added 2026/05/16 3:26 p.m.•14 views

CVE-2021-47979

CVE-2021-47979 affects WordPress Plugin Backup and Restore 1.0.3. An arbitrary file deletion vulnerability exists in which authenticated attackers can delete arbitrary files by crafting file_name and folder_name parameters in POST requests to admin-ajax.php, enabling file system modification with...

8.8CVSS5.9AI score0.00397EPSS

Cvelist•added 2026/05/16 3:26 p.m.•38 views

CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS0.00397EPSS

EUVD•added 2026/05/16 3:26 p.m.•8 views

EUVD-2021-34830

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...

7.2CVSS5.9AI score0.00214EPSS

EUVD•added 2026/05/16 3:26 p.m.•13 views

EUVD-2020-31246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS5.9AI score0.00673EPSS

CVE•added 2026/05/16 3:25 p.m.•14 views

CVE-2020-37240

CVE-2020-37240 affects Queue Management System 4.0.0 with a stored XSS flaw in the Add User workflow. Authenticated administrators can inject JavaScript via First Name, Last Name, or Email during user creation, with payloads executing on the User List page. CVSS-4.0 vector yields 5.1 (MEDIUM), an...

6.4CVSS5.7AI score0.00243EPSS

ATTACKERKB•added 2026/05/16 3:25 p.m.•9 views

CVE-2020-37237

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS5.7AI score0.00239EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/16 3:25 p.m.•14 views

CVE-2020-37236

CVE-2020-37236 describes an authenticated persistent cross-site scripting vulnerability in NewsLister. Authenticated administrators can inject JavaScript via the title parameter in the news addition interface, with payloads executing when news items are viewed by other users. The CVE has a CVSS v...

Cvelist•added 2026/05/16 3:25 p.m.•27 views

CVE-2020-37236 NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

6.4CVSS0.00235EPSS

EUVD•added 2026/05/16 3:25 p.m.•9 views

EUVD-2020-31236

Vulnrichment•added 2026/05/16 3:25 p.m.•9 views

CVE-2020-37236 NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel

ATTACKERKB•added 2026/05/16 3:25 p.m.•6 views

CVE-2020-37236

Exploits0References3Affected Software1

EUVD•added 2026/05/16 3:25 p.m.•10 views

EUVD-2020-31228

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS6.3AI score0.00541EPSS