CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 2026/02/05 6:13 p.m.•139 views

Exploit for CVE-2025-2304

Exploit-for-CVE-2025-2304 usage: exploit.py -h --url URL --...

9.4CVSS5.5AI score0.00201EPSS

RedhatCVE•added 2026/02/04 7:27 p.m.•3 views

CVE-2026-24665

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...

GithubExploit•added 2026/02/04 4:17 a.m.•344 views

Exploit for CVE-2025-2304

Camaleon CMS 2.9.0 – Authenticated Privilege Escalation Role...

9.4CVSS5.6AI score0.00201EPSS

NVD•added 2026/02/03 6:16 p.m.•7 views

CVE-2026-24665

8.7CVSS0.00058EPSS

Cvelist•added 2026/02/03 4:58 p.m.•24 views

CVE-2026-24665 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload

8.7CVSS0.00058EPSS

CVE•added 2026/02/03 4:58 p.m.•11 views

CVE-2026-24665

Open eClass (formerly GUnet eClass) is affected by CVE-2026-24665 due to a stored XSS vulnerability in uploaded assignment files. Before version 4.2, authenticated students could inject JavaScript that executes when instructors view submissions. The issue has been addressed in version 4.2. Remedi...

Exploits1References1Affected Software1

Vulnrichment•added 2026/02/03 4:58 p.m.•2 views

CVE-2026-24665 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload

OSV•added 2026/02/03 4:58 p.m.•3 views

CVE-2026-24665 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

Exploits1References3

PT-2026-6197

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A stored Cross-Site Scripting XSS issue exists in versions before 4.2, enabling authenticated students to...

8.7CVSS5.6AI score0.00058EPSS

Exploits1References6

GithubExploit•added 2026/02/01 6:57 p.m.•273 views

Exploit for CVE-2025-2304

PoC: CVE-2025-2304 - Camaleon CMS Privilege Escalation Tec...

9.4CVSS5.9AI score0.00201EPSS

GithubExploit•added 2026/02/01 8:28 a.m.•181 views

Exploit for CVE-2025-2304

CVE-2025-2304 Exploit Camaleon CMS Vulnerable to Privilege Es...

9.4CVSS5.9AI score0.00201EPSS

RedhatCVE•added 2026/01/31 3:19 a.m.•5 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

8.8CVSS5.9AI score0.0003EPSS

NVD•added 2026/01/29 10:15 p.m.•3 views

CVE-2026-25040

8.8CVSS0.0003EPSS

Exploits1References3

EUVD•added 2026/01/29 9:33 p.m.•4 views

EUVD-2026-4950

7.1CVSS5.9AI score0.0003EPSS

Exploits1References3

Cvelist•added 2026/01/27 8:8 p.m.•14 views

CVE-2025-14988 Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA

A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system...

10CVSS0.00079EPSS

Exploits0References1

RedhatCVE•added 2026/01/26 3:10 p.m.•4 views

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

5.3CVSS5.9AI score0.0002EPSS