CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

861 matches found

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

7.5CVSS7.1AI score0.03096EPSS

Exploits1References2

Nuclei•added yesterday•14 views

Trinity Audio <= 5.21.0 - Information Exposure

The Trinity Audio Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

5.3CVSS5.8AI score0.00951EPSS

Exploits1References2

Nuclei•added yesterday•7 views

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...

5.3CVSS5.9AI score0.00892EPSS

Exploits0References2

NVD•added 4 days ago•5 views

CVE-2017-20270

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS

Exploits0References4

ATTACKERKB•added 4 days ago•6 views

CVE-2017-20270

8.8CVSS6.2AI score

Exploits0References4Affected Software1

Cvelist•added 4 days ago•24 views

CVE-2017-20270 Joomla! Component Twitch Tv 1.1 SQL Injection

8.8CVSS

Exploits0References4

NVD•added 4 days ago•9 views

CVE-2017-20264

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...

7.1CVSS

Exploits0References4

NVD•added 4 days ago•8 views

CVE-2017-20254

Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=comuserbench&view=detail&userid...

8.8CVSS

Exploits0References4

EUVD•added 4 days ago•3 views

EUVD-2017-18991

7.1CVSS6.2AI score

Exploits0References4

CVE•added 4 days ago•13 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

8.8CVSS6.2AI score

Exploits0References4

Cvelist•added 4 days ago•34 views

CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS

Exploits0References4

EUVD•added 4 days ago•3 views

EUVD-2017-18986

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...

8.8CVSS6.2AI score

Exploits0References4

Cvelist•added 4 days ago•24 views

CVE-2017-20254 Joomla! Component User Bench 1.0 SQL Injection via userid

8.8CVSS

Exploits0References4

EUVD•added 4 days ago•3 views

EUVD-2017-18981

8.8CVSS6.2AI score

Exploits0References4

NVD•added 2026/06/15 2:16 p.m.•8 views

CVE-2016-20073

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS

Exploits0References4

Vulnrichment•added 2026/06/15 12:0 p.m.•5 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

8.8CVSS6.1AI score0.0027EPSS

Exploits0References4

CVE•added 2026/06/15 10:5 a.m.•13 views

CVE-2026-34029

The CVE-2026-34029 entry affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). A hard-coded cryptographic key exists in SafeSystem.Infrastructure.Security.dll that an attacker with access to application files can reverse‑engineer to recover. This key enables decrypting licen...

6.8CVSS5.3AI score0.0012EPSS

Exploits1References2

Vulnrichment•added 2026/06/15 8:36 a.m.•6 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00442EPSS

Exploits0References3

Cvelist•added 2026/06/15 8:36 a.m.•30 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

5.3CVSS0.00442EPSS

Exploits0References3