Lucene search

10 matches found

RedhatCVE
added 2026/03/28 4:56 a.m., 1 view

CVE-2026-30527

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. Whe...

CVSS 5.4, AI score 5.9, EPSS 0.00229
Exploits: 1, References: 1
CNNVD
added 2026/03/27 12:0 a.m., 5 views

SourceCodester Online Food Ordering System Security Vulnerability

The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System has a security vulnerability. This vulnerability arises from the fact that the category management module on the...

CVSS 5.4, AI score 5.6, EPSS 0.00229
Exploits: 1, References: 1
OSV
added 2026/02/15 2:16 p.m., 2 views

CVE-2019-25373

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute...

CVSS 5.4, AI score 5.6
Exploits: 0, References: 4
CVE
added 2026/02/15 1:58 p.m., 12 views

CVE-2019-25373

CVE-2019-25373 is a stored XSS vulnerability in OPNsense 19.1, in the category field of the firewall_rules_edit.php endpoint. An authenticated user can submit crafted input via POST to this page, injecting JavaScript that is then executed in other users’ browsers when they view firewall rule pages...

CVSS 6.4, AI score 5.5, EPSS 0.00199
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/02/15 1:58 p.m., 4 views

EUVD-2019-19422

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute...

CVSS 6.4, AI score 5.6, EPSS 0.00199
Exploits: 1, References: 4
RedhatCVE
added 2025/10/28 5:53 p.m., 3 views

CVE-2025-12299

A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The explo...

CVSS 6.1, AI score 5.8, EPSS 0.00317
Exploits: 1, References: 1
CVE
added 2025/10/27 7:32 p.m., 7 views

CVE-2025-12312

CVE-2025-12312 affects PHPGurukul Curfew e-Pass Management System 1.0. The vulnerability is in the file view-pass-detail.php, where manipulating the Fullname/Category argument leads to cross-site scripting. The issue can be exploited remotely; multiple sources note that an exploit has been publis...

CVSS 4.8, AI score 3.3, EPSS 0.0021
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2025/05/22 8:55 p.m., 8 views

CVE-2021-37538

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the idcategory parameter to the...

CVSS 9.8, AI score 7.6, EPSS 0.74489
Exploits: 2, References: 1
OSV
added 2021/06/28 5:15 p.m., 0 views

CVE-2020-23711

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php...

CVSS 9.8, AI score 5.8, EPSS 0.01465
Exploits: 1, References: 1
OSV
added 2018/10/17 4:29 a.m., 3 views

CVE-2018-18433

An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the categorycatname parameter to the admin.php URI...

CVSS 4.8, AI score 5.8
Exploits: 0, References: 2