36212 matches found
CVE-2026-4591
Kalcaddle KodBox 1.64 contains a vulnerability in the fileThumb Endpoint’s checkBin function (file /workspace/source-code/plugins/fileThumb/app.php). The issue allows remote command injection via manipulation of input, with an exploit publicly available. Reported impact is Confidentiality, Integr...
CVE-2026-33479
CVE-2026-33479 is tied to a0 Video (AVideo) Gallery plugin vulnerability where saveSort.json.php eval() executes unsanitized input from $_REQUEST['sections']. An admin-authenticated session is exfiltrated via CSRF because there is no CSRF protection and cookies are configured with SameSite=None, ...
CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $_REQUEST['sections'] array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...
EUVD-2026-14341
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
PT-2026-27265
Name of the Vulnerable Software and Affected Versions: Woocommerce Custom Product Addons Pro versions prior to 5.4.2. Description: The Woocommerce Custom Product Addons Pro plugin for WordPress is susceptible to Remote Code Execution. This occurs because of inadequate sanitization and validation of...
Code-Projects Exam Form Submission Code Injection Vulnerability
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates6.php, which may...
Code-Projects Exam Form Submission Code Injection Vulnerability
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability stems from improper handling of the parameter sname in the file admin/updates2.php, which may le...
WWBN AVideo Code Injection Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a code injection vulnerability. This vulnerability stemmed from the saveSort.json.php endpoint in the Gallery plugin, which directly passed uncleaned user input to...
OpenSource-WorkShop Connect-CMS Code Injection Vulnerability
OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...
Code-Projects Exam Form Submission Code Injection Vulnerability
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter sname in the file admin/updates3.php, which may...
Code-Projects Exam Form Submission Code Injection Vulnerability
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates4.php, which may...
Ruoyi Code Injection Vulnerability
Ruoyi is a backend management system developed by the RuoYi developer. Versions of RuoYi 4.8.2 and earlier had a code injection vulnerability. This vulnerability stemmed from improper handling of the invokeTarget parameter in the Quartz Job Handler component located in the file /monitor/job/...
Code-Projects Exam Form Submission Code Injection Vulnerability
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates5.php, which may...
Projectworlds Online Lawyer Management System Code Injection Vulnerability
Projectworlds Online Lawyer Management System is an online lawyer management system developed by Projectworlds Company in India. Version 1.0 of the Projectworlds Online Lawyer Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter...
WordPress plugin ReviewX Code Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-4564
The CVE-2026-4564 entry describes a code injection vulnerability in yangzongzhuan RuoYi ≤ 4.8.2 via the Quartz Job Handler’s /monitor/job/ processing. The underlying issue is manipulation of the invokeTarget argument, enabling remote code execution. Public exploit details exist per the descriptio...
CVE-2026-4564 yangzongzhuan RuoYi Quartz Job job code injection
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
PT-2026-27036
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.2. Description: A security issue exists in yangzongzhuan RuoYi, specifically within the Quartz Job Handler component. The issue involves code injection stemming from manipulation of the invokeTarget argumen...