
175 matches found

CVE
added 2025/12/31 6:40 p.m. | 6 views

CVE-2021-47725

CVE-2021-47725 affects STVS ProVision 5.9.10. The vulnerability is an authenticated, reflected cross-site scripting flaw in the HTML context via the POST parameter named “files,” where input is not properly validated. Exploitation allows an attacker with credentials to inject arbitrary HTML/JS th...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 6

NVD
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47735

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

CVSS 8.8 | EPSS 0.0045
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/23 7:34 p.m. | 2 views

CVE-2021-47735 CMSimple 5.4 Authenticated Remote Code Execution via Template Editing

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

CVSS 8.8 | AI score 7.7 | EPSS 0.0045
Exploits: 1 | References: 3

Packet Storm
added 2025/12/23 12:0 a.m. | 384 views

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection in the webhook configuration feature...

CVSS 9.9 | AI score 7.8 | EPSS 0.00075
Exploits: 2

NVD
added 2025/12/17 11:15 p.m. | 1 views

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

CVSS 5.4 | EPSS 0.00024
Exploits: 1 | References: 3

GithubExploit
added 2025/12/17 8:10 p.m. | 141 views

Exploit for CVE-2025-14700

CVE-2025-14700 POC Automatic exploit for Authentic...

CVSS 9.9 | AI score 7 | EPSS 0.00075
Exploits: 2

CVE
added 2025/12/17 6:21 p.m. | 7 views

CVE-2025-14081

Technical details for CVE-2025-14081 are not publicly disclosed in the provided documents. Monitor for updates from vendors and security advisories.

CVSS 4.3 | AI score 5.3 | EPSS 0.00039
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51967

Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 3.1.12. Description: The software contains a CSV injection flaw that permits authenticated users to inject malicious formulas into their profile names. An attacker can modify their user profile name with a payload such as...

CVSS 8.8 | AI score 7.5 | EPSS 0.00072
Exploits: 1 | References: 8

GithubExploit
added 2025/12/14 8:29 p.m. | 138 views

Exploit for Improper Neutralization of Line Delimiters in Cacti

Cacti CVE-2025-24367 Authenticated RCE PoC This repository co...

CVSS 8.8 | AI score 8.9 | EPSS 0.87934
Exploits: 10

GithubExploit
added 2025/12/08 4:58 a.m. | 140 views

Exploit for CVE-2025-1337

CVE-2025-13377 – 10Web Booster ≤ 2.32.7 – Authenticated Arbitr...

CVSS 9.6 | AI score 6.8 | EPSS 0.00086
Exploits: 4

GithubExploit
added 2025/12/07 6:54 p.m. | 189 views

cscart-rce-lfi-exploit

cscart-rce-lfi-exploit CS-Cart Authe...

AI score 7
Exploits: 0

CVE
added 2025/12/05 4:29 a.m. | 14 views

CVE-2025-12417

CVE-2025-12417 affects the SurveyFunnel – Survey Plugin for WordPress (SurveyFunnel Lite) up to version 1.1.5. It is an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability via the shortcode surveyfunnel_lite_survey; no public patch details are provided in the connected document...

CVSS 6.4 | AI score 4.7 | EPSS 0.00031
Exploits: 0 | References: 3

Packet Storm
added 2025/12/01 12:0 a.m. | 155 views

📄 GuppY CMS 6.00.10 Shell Upload

Proof of concept exploit demonstrating a remote shell upload vulnerability in GuppY CMS version 6.00.10. Title: GuppY CMS 6.00.10 php Code Execution...

AI score 7.2
Exploits: 0

OSV
added 2025/11/28 8:15 a.m. | 2 views

CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | AI score 6 | EPSS 0.00056
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/19 4:24 p.m. | 3 views

CVE-2025-34335 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...

CVSS 8.7 | AI score 7.2 | EPSS 0.00656
Exploits: 2 | References: 4

RedhatCVE
added 2025/11/17 1:14 p.m. | 3 views

CVE-2025-64084

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...

CVSS 5.4 | AI score 8.4 | EPSS 0.00049
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/15 5:44 p.m. | 2 views

CVE-2025-37144

Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

CVSS 4.9 | AI score 6.9 | EPSS 0.00066
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-41989

Name of the Vulnerable Software and Affected Versions: AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems, affected versions not specified. Description: An issue exists that could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploit...

CVSS 4.9 | AI score 6.4 | EPSS 0.00066
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-11853

Malware in sbrugna...

CVSS 4.3 | AI score 4.9 | EPSS 0.00202
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-5200

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00338
Exploits: 0 | References: 2