CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/04 3:30 p.m.•8 views

CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

6.5CVSS5.4AI score0.00048EPSS

CVE•added 2026/06/04 3:30 p.m.•9 views

CVE-2026-10815

The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00048EPSS

Cvelist•added 2026/06/04 3:30 p.m.•34 views

CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

6.5CVSS0.00048EPSS

NVD•added 2026/06/04 3:16 p.m.•7 views

CVE-2026-41065

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS0.00493EPSS

GithubExploit•added 2026/06/04 3:6 p.m.•52 views

Exploit for Path Traversal in Casbin Casdoor

CVE-2026-6815: Casdoor 3.54.1 Path Traversal & Arbitrary File...

5.9CVSS6AI score0.00804EPSS

Exploits3

GithubExploit•added 2026/06/04 2:49 p.m.•55 views

Exploit for Deserialization of Untrusted Data in Presstigers Simple_Job_Board

CVE-2024-1813 - Simple Job Board ≤ 2.11.0 WordPress - Unauth...

9.8CVSS5.8AI score0.07996EPSS

Exploits1

CVE•added 2026/06/04 2:32 p.m.•9 views

CVE-2026-43985

Tautulli (Python-based Plex monitoring) before v2.17.1 exposes the admin-changing endpoint /configUpdate without enforcing POST or anti-CSRF checks. In default form/JWT modes, the SameSite=Lax cookie permits top-level cross-site requests, enabling an attacker to coerce a logged-in admin to submit...

Cvelist•added 2026/06/04 2:32 p.m.•32 views

CVE-2026-43985 Taultulli has CSRF in /configUpdate via missing anti-CSRF and method restriction that allows admin credential takeover

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose configUpdate as a state-changing administrator endpoint, but the route does not enforce POST and does not use any anti-CSRF token. In the default form and JWT-based authentication mode,...

8.8CVSS0.00022EPSS

ATTACKERKB•added 2026/06/04 2:32 p.m.•5 views

CVE-2026-43985

Exploits0References3Affected Software1

Vulnrichment•added 2026/06/04 2:32 p.m.•8 views

CVE-2026-43985 Taultulli has CSRF in /configUpdate via missing anti-CSRF and method restriction that allows admin credential takeover

EUVD•added 2026/06/04 2:32 p.m.•7 views

EUVD-2026-34285

Cvelist•added 2026/06/04 2:28 p.m.•33 views

CVE-2026-43984 Tautulli has stored XSS in logFile via guest-controlled log_js_errors input

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS0.00041EPSS

NVD•added 2026/06/04 2:16 p.m.•9 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00054EPSS

NVD•added 2026/06/04 2:16 p.m.•8 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS0.0003EPSS

Exploits0References1

CVE-2019-25745

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS0.00086EPSS

Exploits0References3

NVD•added 2026/06/04 2:16 p.m.•7 views

CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS0.00105EPSS

Exploits0References5

CVE-2019-25737

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...

6.1CVSS0.00095EPSS

Exploits0References4

CVE-2019-25734

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...

5.1CVSS0.0008EPSS

Exploits0References4