CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

ATTACKERKB•added 2026/05/12 7:48 a.m.•3 views

CVE-2026-6913

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widgetarea' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS6AI score0.0004EPSS

Exploits0References8

CNNVD•added 2026/02/27 12:0 a.m.•4 views

libvips 输入验证错误漏洞

libvips is an open-source fast image processing library with low memory requirements. Version 8.19.0 of libvips contains a vulnerability related to input validation errors. This vulnerability stems from incorrect handling of the extractarea parameter in the function vipsextractareabuild located i...

5.5CVSS5.8AI score0.00013EPSS

Exploits2References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-9077

Malware in sbrugna...

6.1CVSS6.3AI score0.00208EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-6438

Malware in sbrugna...

7.5CVSS6.4AI score0.00362EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2008-3551

Malware in sbrugna...

4.3CVSS6.4AI score0.00231EPSS

Exploits1References5

OSV•added 2024/01/03 12:30 a.m.•19 views

GHSA-RPJW-97P8-P2XP Gila CMS SQL Injection

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal...

6.5CVSS5.1AI score0.00276EPSS

Exploits3References5

OSV•added 2024/01/02 10:15 p.m.•0 views

CVE-2020-26623

3.8CVSS6.1AI score

Exploits0References4

CNNVD•added 2024/01/02 12:0 a.m.•2 views

Gila CMS SQL注入漏洞

Gila CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in Gila CMS 1.15.4 and earlier versions, which stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited by a remote...

3.8CVSS8.3AI score0.00276EPSS

Exploits3References5

Cvelist•added 2024/01/02 12:0 a.m.•14 views

CVE-2020-26623

5.2AI score0.00276EPSS

Exploits3References4

OSV•added 2023/01/23 3:15 p.m.•0 views

CVE-2021-24837

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00181EPSS

Exploits1References1

CNNVD•added 2023/01/23 12:0 a.m.•1 views

WordPress plugin The Passster 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00181EPSS

Exploits1References2

CNVD•added 2018/09/26 12:0 a.m.•1 views

YUNUCMS cross-site scripting vulnerability (CNVD-2018-20067)

YUNUCMS is China Yunyou YUNU network technology company of a set of open source enterprise station building content management system CMS. YUNUCMS 1.1.4 version of the index.php/index/category/index page there is a cross-site scripting vulnerability, a remote attacker can take advantage of the...

6.1CVSS6.1AI score0.00208EPSS

Exploits1References1

OSV•added 2018/09/22 2:29 a.m.•0 views

CVE-2018-17322

Cross-site scripting XSS vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

6.1CVSS5.9AI score0.00208EPSS

Exploits1References1

OSV•added 2018/09/16 5:29 p.m.•1 views

CVE-2018-17062

An issue was discovered in SeaCMS 6.64. XSS exists in adminvideo.php via the action, area, type, yuyan, jqtype, visunion, vrecycled, vismoney, or vispsd parameter...

6.1CVSS5.8AI score0.0024EPSS

Exploits1References1

Packet Storm•added 2013/08/30 12:0 a.m.•13 views

10Ninety SQL Injection

Exploit Title : 10Ninety Sql injection vulnerability Software link : www.10ninety.co.uk Exploit Author : Ashiyane Digital Security Team Tested on: Windows 7 , Linux Google Dork : intext:"Powered By 10Ninety" Date: 2013/08/30 -------------------------------------------------------------------- -...

7.4AI score

Exploits0

ATTACKERKB•added 2008/10/21 1:18 a.m.•2 views

CVE-2008-4620

SQL injection vulnerability in Meeting Room Booking System MRBS before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to 1 month.php, and possibly 2 day.php and 3 week.php...

7.5CVSS6.4AI score0.00421EPSS

Exploits0References6

Cvelist•added 2005/03/26 5:0 a.m.•14 views

CVE-2005-0890

SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter...

8.4AI score0.0028EPSS

Exploits1References3

CVE•added 2005/03/26 5:0 a.m.•52 views

CVE-2005-0889

CVE-2005-0889 describes a cross-site scripting (XSS) vulnerability in Dream4 Koobi CMS 4.2.3, specifically in index.php where the area parameter can be abused to inject arbitrary script/HTML. The vulnerability is documented with a CVSS v2 base score of 4.3 (Medium) and indicates that the attack v...

4.3CVSS6AI score0.00368EPSS

Exploits0References2Affected Software1

NVD•added 2005/03/24 5:0 a.m.•11 views

CVE-2005-0889

Cross-site scripting XSS vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

4.3CVSS5.8AI score0.00368EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by