126 matches found
EUVD-2026-26037
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...
CVE-2026-39425
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in tags...
CVE-2020-12851
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...
CVE-2021-41252
Kirby is an open source file structured CMS. Impact: Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is...
CVE-2019-7880
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious JavaScript...
CVE-2019-7868
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules...
CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block e.g., administrator...
EUVD-2013-6420
Malware in sbrugna...
EUVD-2020-21452
Malware in sbrugna...
EUVD-2014-0074
Malware in sbrugna...
EUVD-2015-0941
Malware in sbrugna...
EUVD-2020-18241
Malware in sbrugna...
EUVD-2013-6979
Malware in sbrugna...
EUVD-2017-3125
Malware in sbrugna...
EUVD-2018-5247
Malware in sbrugna...
EUVD-2020-6233
Malware in sbrugna...
EUVD-2017-4386
Malware in sbrugna...
EUVD-2018-2816
Malware in sbrugna...
EUVD-2019-4954
Malware in sbrugna...
EUVD-2019-0768
Malware in sbrugna...