CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Vulnrichment•added 2026/04/21 10:12 p.m.•4 views

CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

7.1CVSS5.9AI score0.00031EPSS

Exploits1References2

Github Security Blog•added 2026/04/14 11:12 p.m.•4 views

WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

Summary Three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and perform state-changing actions against the database without calling...

7.1CVSS6.1AI score0.00031EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/05 6:30 p.m.•4 views

GHSA-6W5W-JX4X-VJVW Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.3CVSS6.2AI score0.00024EPSS

Exploits1References4

Github Security Blog•added 2026/02/05 6:30 p.m.•5 views

Microweber Cross-site Scripting vulnerability

6.1CVSS6.2AI score0.00024EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/05 5:16 p.m.•6 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1CVSS6.1AI score

Exploits0References2

Cvelist•added 2026/02/05 12:0 a.m.•22 views

CVE-2025-70792

0.00024EPSS

Exploits1References2

Vulnrichment•added 2026/02/05 12:0 a.m.•3 views

CVE-2025-70792

6.1AI score0.00024EPSS

Exploits1References2

ATTACKERKB•added 2026/02/05 12:0 a.m.•5 views

CVE-2025-70792

6.1CVSS6.1AI score0.00024EPSS

Exploits1References3

CNNVD•added 2026/02/05 12:0 a.m.•3 views

Microweber 安全漏洞

Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the /admin/category/create endpoint, which...

6.1CVSS5.5AI score0.00024EPSS

Exploits1References2

CVE•added 2026/02/05 12:0 a.m.•7 views

CVE-2025-70792

A cross-site scripting vulnerability (CVE-2025-70792) affects Microweber up to version 2.0.19, exposed via the /admin/category/create endpoint. The root cause is unsanitized manipulation of the rel_id parameter in a crafted URL, which can lure an admin-privileged user to visit the page and trigge...

6.1CVSS6.1AI score0.00024EPSS

Exploits1References2Affected Software1

Packet Storm•added 2025/05/19 12:0 a.m.•80 views

📄 Economizzer 0.9-beta1 Cross Site Scripting

Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting XSS vulnerability exists in gugoan's Economizzer v.0.9-beta1 The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...

6.8AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by