
59 matches found

CNNVD
added 2026/04/07 12:0 a.m. · 3 views

ChurchCRM SQL injection vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the type array parameter of the /SettingsIndividual.php endpoint, which could lead to the extraction and...

8.8 CVSS · 5.9 AI score · 0.00039 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/02/23 7:25 p.m. · 1 view

CVE-2019-25457

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...

8.8 CVSS · 5.7 AI score · 0.00148 EPSS
Exploits 1 · References 1

Positive Technologies
added 2026/02/22 12:0 a.m. · 3 views

PT-2026-21444

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...

8.8 CVSS · 5.9 AI score · 0.00148 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2006-5122

Malware in sbrugna...

5.1 CVSS · 6.4 AI score · 0.03174 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-21516

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.0025 EPSS
Exploits 1 · References 2

CNNVD
added 2025/08/24 12:0 a.m. · 1 view

Vvveb security vulnerability

Vvveb is a powerful and easy-to-use CMS from Givan Personal Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from the incorrect operation of the parameter files in the /system/traits/media.php file...

9.8 CVSS · 6.5 AI score · 0.00101 EPSS
Exploits 1 · References 5

RedhatCVE
added 2025/05/23 6:46 a.m. · 5 views

CVE-2024-53506

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs...

9.8 CVSS · 8 AI score · 0.00442 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 5:52 a.m. · 1 view

CVE-2023-22476

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the Summary field of private Issues, i.e. having Private view status, or belonging to a private Proje...

4.3 CVSS · 6.6 AI score · 0.00201 EPSS
Exploits 1 · References 1

Cvelist
added 2024/11/29 12:0 a.m. · 13 views

CVE-2024-53506

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs...

0.00442 EPSS
Exploits 1 · References 2

CNNVD
added 2024/08/29 12:0 a.m. · 1 view

WordPress plugin Theme Editor code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Theme Edit...

7.2 CVSS · 7 AI score · 0.00641 EPSS
Exploits 0 · References 4

OSV
added 2024/07/12 12:32 p.m. · 18 views

CVE-2024-40974 powerpc/pseries: Enforce hcall result buffer validity and size

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...

7.8 CVSS · 6.5 AI score · 0.00011 EPSS
Exploits 0 · References 12

OSV
added 2023/08/28 5:15 p.m. · 0 views

CVE-2023-39560

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/04/28 12:0 a.m. · 1 view

PT-2023-22701 · Ebankit · Ebankit

Name of the Vulnerable Software and Affected Versions: ebankIT versions prior to 7. Description: An issue exists where Document Object Model based XSS is present within the "/Security/Transactions/Transactions.aspx" endpoint. Users can supply their own JavaScript within the...

6.1 CVSS · 6 AI score · 0.00206 EPSS
Exploits 1 · References 5

Snyk
added 2022/05/24 5:40 p.m. · 1 view

Missing Authorization

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization via the bugactiongroup.php process. An attacker, with rights to create new issues, can clone any private issue, including all bugnotes and attachments, by manipulating the...

7.1 CVSS · 6.9 AI score · 0.00212 EPSS
Exploits 1 · References 2

Snyk
added 2022/05/24 5:40 p.m. · 2 views

Incorrect Authorization

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access-level checks in the bugactiongrouppage.php URL. An attacker can gain access to the Summary fields of private Issues by crafting a URL with...

5.4 CVSS · 7 AI score · 0.00147 EPSS
Exploits 1 · References 2

Positive Technologies
added 2020/12/16 12:0 a.m. · 1 view

PT-2020-6233 · P11 Kit +8 · P11-Kit +8

Name of the Vulnerable Software and Affected Versions: p11-kit versions 0.21.1 through 0.23.21. Description: A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through...

7.5 CVSS · 6.6 AI score · 0.00355 EPSS
Exploits 0 · References 80

OSV
added 2018/12/26 7:29 p.m. · 0 views

CVE-2018-20486

MetInfo 6.x through 6.1.3 has XSS via the /admin/login/logincheck.php urlarray parameter...

6.1 CVSS · 5.8 AI score · 0.0028 EPSS
Exploits 1 · References 2

NVD
added 2018/09/17 4:29 a.m. · 11 views

CVE-2018-17132

admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...

7.2 CVSS · 7.3 AI score · 0.00399 EPSS
Exploits 1 · References 1

Prion
added 2018/09/17 4:29 a.m. · 11 views

Code injection

admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...

6.5 CVSS · 7.3 AI score · 0.00399 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2018/09/17 4:0 a.m. · 10 views

CVE-2018-17132

admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...

7.3 AI score · 0.00399 EPSS
Exploits 1 · References 1