43501 matches found

Nuclei
added 9 hours ago, 27 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

CVSS 5.4 | AI score 6.7 | EPSS 0.26418
Exploits: 1 | References: 3

Nuclei
added 9 hours ago, 35 views

CuppaCMS v1.0 - Local File Inclusion

Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php. id: CVE-2022-34121 info: name: CuppaCMS v1.0 - Local File Inclusion author: edoardottt severity: high description: | Cuppa CMS v1.0 is vulnerable to local file inclusion via the...

CVSS 7.5 | AI score 7.2 | EPSS 0.2541
Exploits: 1 | References: 5

Nuclei
added 9 hours ago, 126 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...

CVSS 7.8 | AI score 7.3 | EPSS 0.36161
Exploits: 1 | References: 3

Nuclei
added 9 hours ago, 30 views

Microweber < 1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax. id: CVE-2022-0928 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: |...

CVSS 6.8 | AI score 5.8 | EPSS 0.06259
Exploits: 1 | References: 5

Nuclei
added 9 hours ago, 32 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

CVSS 5.7 | AI score 5.4 | EPSS 0.08256
Exploits: 1 | References: 5

Nuclei
added 9 hours ago, 14 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

CVSS 5.3 | AI score 5.9 | EPSS 0.18554
Exploits: 2 | References: 3

Nuclei
added 9 hours ago, 32 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

CVSS 5.4 | AI score 5.7 | EPSS 0.0304
Exploits: 1 | References: 3

Nuclei
added 9 hours ago, 141 views

Ghost CMS Content API - SQL Injection

Ghost CMS before 6.19.1 is vulnerable to a blind SQL injection in the /ghost/api/content/tags/ endpoint via the filter parameter. This template checks for the vulnerability by sending a boolean-based payload. id: CVE-2026-26980 info: name: Ghost CMS Content API - SQL Injection author:...

CVSS 9.4 | AI score 6.2 | EPSS 0.56657
Exploits: 6 | References: 3

Nuclei
added 9 hours ago, 14 views

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

CVSS 6.2 | AI score 5.4 | EPSS 0.06479
Exploits: 1 | References: 2

Nuclei
added 9 hours ago, 21 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS <= 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS <= 3.3.0 - SQL...

CVSS 8.8 | AI score 6.9 | EPSS 0.00886
Exploits: 0 | References: 4

Nuclei
added 9 hours ago, 47 views

Clansphere CMS 2011.4 - Cross-Site Scripting

Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter. id: CVE-2021-27309 info: name: Clansphere CMS 2011.4 - Cross-Site Scripting author: edoardottt severity: medium description: | Clansphere CMS 2011.4 contains an unauthenticat...

CVSS 6.1 | AI score 5.8 | EPSS 0.00887
Exploits: 1 | References: 4

Nuclei
added 9 hours ago, 91 views

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

CVSS 5 | AI score 5.5 | EPSS 0.02816
Exploits: 1 | References: 5

Nuclei
added 9 hours ago, 26 views

Fuel CMS 1.4.7 - SQL Injection

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. id: CVE-2020-17463 info: name: Fuel CMS 1.4.7 - SQL Injection author: Thirukrishnan severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to...

CVSS 9.8 | AI score 9.1 | EPSS 0.17515
Exploits: 4 | References: 5

Nuclei
added 9 hours ago, 211 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/viewcar.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32025 info:...

CVSS 7.2 | AI score 7.5 | EPSS 0.11785
Exploits: 1 | References: 3

Nuclei
added 9 hours ago, 17 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?carid=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32024 info:...

CVSS 7.2 | AI score 7.5 | EPSS 0.11785
Exploits: 1 | References: 2

Nuclei
added 9 hours ago, 27 views

Atom CMS v2.0 - Cross-Site Scripting

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the "A" parameter in /widgets/debug.php. id: CVE-2022-25489 info: name: Atom CMS v2.0 - Cross-Site Scripting author: theamanrawat severity: medium description: | Atom CMS v2.0 was discovered to contain ...

CVSS 5.4 | AI score 5.3 | EPSS 0.05393
Exploits: 1 | References: 3

Nuclei
added 9 hours ago, 5 views

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

CVSS 6.5 | AI score 7 | EPSS 0.12303
Exploits: 1 | References: 4

Nuclei
added 9 hours ago, 8 views

LG Supersign EZ CMS - Remote Code Execution

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail. id: CVE-2018-17173 info: name: LG Supersign EZ CMS - Remote Code Execution author: pussycat0x severity: critical description: | LG SuperSign CMS allows remote attackers...

CVSS 9.8 | AI score 9.3 | EPSS 0.79034
Exploits: 9 | References: 4

Nuclei
added 9 hours ago, 17 views

Eleanor CMS - Open Redirect

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERYSTRING. id: CVE-2014-9180 info: name: Eleanor CMS - Open Redirect author: Shankar Acharya severity: medium description: | Open...

CVSS 5 | AI score 5.5 | EPSS 0.0844
Exploits: 1 | References: 2

Nuclei
added 9 hours ago, 52 views

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

CVSS 9.9 | AI score 6.4 | EPSS 0.92294
Exploits: 2 | References: 5