CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2405 matches found

RedhatCVE•added 2025/05/22 9:3 p.m.•3 views

CVE-2021-24904

The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.4AI score0.05086EPSS

Exploits5References1

RedhatCVE•added 2025/05/22 8:53 p.m.•5 views

CVE-2021-37270

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority...

10CVSS7.2AI score0.01438EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:13 p.m.•2 views

CVE-2021-39758

In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.8CVSS7.2AI score0.00098EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:1 p.m.•11 views

CVE-2021-0694

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS6.7AI score0.00109EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:25 p.m.•7 views

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

4.8CVSS5.9AI score0.0056EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:21 p.m.•5 views

CVE-2021-22308

There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage...

3.3CVSS6.6AI score0.00173EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:0 p.m.•9 views

CVE-2020-20348

WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the link field under the background menu management module...

5.4CVSS5.6AI score0.00531EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:57 p.m.•8 views

CVE-2020-0227

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User...

7.8CVSS7.1AI score0.00268EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:29 p.m.•7 views

CVE-2020-20343

WTCMS 1.0 contains a cross-site request forgery CSRF vulnerability in the index.php?g=admin=nav=addpost component that allows attackers to arbitrarily add articles in the administrator background...

6.5CVSS6.9AI score0.00425EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:13 p.m.•8 views

CVE-2020-1255

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

8.8CVSS6.9AI score0.03366EPSS

Exploits0

RedhatCVE•added 2025/05/22 4:9 p.m.•8 views

CVE-2020-21362

A cross site scripting XSS vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...

5.4CVSS5.9AI score0.00475EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:8 p.m.•6 views

CVE-2020-1112

9.9CVSS6.9AI score0.03679EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:2 p.m.•8 views

CVE-2020-0787

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

7.8CVSS7.7AI score0.42524EPSS

Exploits7References1

RedhatCVE•added 2025/05/22 3:57 p.m.•10 views

CVE-2020-0108

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7AI score0.00498EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:45 p.m.•9 views

CVE-2020-20349

WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the link address field under the background links module...

5.4CVSS5.6AI score0.00531EPSS

Exploits1

RedhatCVE•added 2025/05/22 8:43 a.m.•9 views

CVE-2019-3404

By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C...

7.5CVSS6.9AI score0.00906EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:42 a.m.•5 views

CVE-2018-14583

xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...

8.8CVSS6.9AI score0.00494EPSS

Exploits1References1

OSV•added 2025/05/21 6:0 a.m.•8 views

BIT-NODE-MIN-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.4AI score0.00763EPSS

Exploits0References2