
497 matches found

Nuclei
added yesterday, 406 views

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

CVSS 6.5, AI score 6.8, EPSS 0.26507
Exploits 3, References 5
RedhatCVE
added 4 days ago, 5 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

CVSS 6.9, AI score 5.4, EPSS 0.00039
Exploits 0, References 1
CVE
added 5 days ago, 10 views

CVE-2026-50224

CVE-2026-50224 describes that the web administration panel binds broadly to the public IPv6 space on port [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...

CVSS 6.9, AI score 5.8, EPSS 0.00039
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 5 days ago, 9 views

PT-2026-46176

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The web administration panel binds broadly to the public IPv6 address space on port ':::8080' without default firewall limits. This configuration allows internal...

CVSS 6.9, AI score 5.3, EPSS 0.00039
Exploits 0, References 4
EUVD
added 2026/05/08 3:31 p.m., 7 views

EUVD-2026-28591

Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...

CVSS 8.6, AI score 5.8, EPSS 0.00035
Exploits 0, References 3
Cvelist
added 2026/05/08 12:12 p.m., 26 views

CVE-2026-8077 Weak credentials vulnerability in the CashDro 3 web administration panel

Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...

CVSS 8.6, EPSS 0.00035
Exploits 0, References 2
CNNVD
added 2026/04/01 12:0 a.m., 1 views

Payload Cross-Site Scripting Vulnerability

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.78.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of user inputs in the administration panel, which could le...

CVSS 8.7, AI score 5.7, EPSS 0.00016
Exploits 0, References 1
Tenable Nessus
added 2026/03/13 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-70128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to...

CVSS 6.1, AI score 6.4, EPSS 0.00206
Exploits 2, References 2
EUVD
added 2026/03/12 6:30 p.m., 1 views

EUVD-2019-19790

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and...

CVSS 8.7, AI score 5.8, EPSS 0.00991
Exploits 1, References 3
OSV
added 2026/02/26 2:39 a.m., 2 views

CVE-2026-27975 Ajenti has a potential Remote Code Execution

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in version 2.2.13...

CVSS 9.3, AI score 6.3, EPSS 0.00088
Exploits 0, References 4
Packet Storm
added 2026/02/05 12:0 a.m., 113 views

Online Admission Software 2.6 Insecure Direct Object Reference

Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. Title: Online Admission Software 2.6 IDOR...

AI score 5.3
Exploits 0
Positive Technologies
added 2026/02/02 12:0 a.m., 2 views

PT-2026-6432

Summary: A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Zone Name & Description fields in the Store Management section are not properly sanitized before being displayed in the admin panel...

CVSS 6.1, AI score 5.6
Exploits 0, References 6
Positive Technologies
added 2026/01/09 12:0 a.m., 2 views

PT-2026-1855

Name of the Vulnerable Software and Affected Versions: Vivotek IP7137 camera versions prior to firmware version 0200a. Description: The Vivotek IP7137 camera is susceptible to a path traversal issue. An authenticated attacker can potentially access resources outside the intended webroot directory by...

CVSS 8.7, AI score 6.4, EPSS 0.00056
Exploits 0, References 4
RedhatCVE
added 2026/01/07 9:35 a.m., 2 views

CVE-2019-7937

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious JavaScript...

CVSS 4.8, AI score 5.6, EPSS 0.00092
Exploits 0, References 1
CVE
added 2025/12/16 12:23 a.m., 10 views

CVE-2025-67736

The CVE-2025-67736 entry concerns the FreePBX tts (Text to Speech) module. Affected versions are prior to 16.0.5 and 17.0.5. The vulnerability is an SQL injection exploitable by authenticated users with administrator access via the Administrator Control Panel (ACP). Successful exploitation can di...

CVSS 8.6, AI score 7.5, EPSS 0.00106
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2025/12/13 11:7 p.m., 2 views

CVE-2025-14583

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be...

CVSS 9.8, AI score 7, EPSS 0.00023
Exploits 1, References 1
Securelist
added 2025/12/12 10:0 a.m., 3 views

Following the digital trail: what happens to data stolen in a phishing attack

Introduction: A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a...

AI score 6.8
Exploits 0
OSV
added 2025/12/11 6:16 p.m., 0 views

CVE-2025-14530

A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

CVSS 7.2, AI score 5.5, EPSS 0.00049
Exploits 1, References 5
Tenable Nessus
added 2025/11/10 12:0 a.m., 3 views

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

AI score 7
Exploits 0
NVD
added 2025/10/17 4:15 p.m., 2 views

CVE-2025-57567

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...

CVSS 9.1, EPSS 0.00487
Exploits 0, References 2