CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1409 matches found

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS

Exploits0References2Affected Software1

Cvelist•added 5 days ago•27 views

CVE-2017-20274 Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

8.8CVSS0.00237EPSS

Exploits0References2

RedhatCVE•added 5 days ago•8 views

CVE-2026-41568

A flaw was found in the Moby container framework. A race condition during the docker cp mount setup allows a malicious container to create empty files or directories at arbitrary locations on the host filesystem. This vulnerability can lead to a denial of service by filling up disk space or...

6.1CVSS5.9AI score0.00108EPSS

Exploits0References4

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/rds: fixed the possible null dereference of cp The cp parameter may be null. Calling cp-cpconn would result in a null dereference. Simon Horman adds: Analysis: cp is a parameter of rdsrdmamap and is not reassigned. The...

5.5CVSS6.3AI score0.00221EPSS

Exploits0References2

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in binutils

There is a heap-based buffer overflow issue in the function dexpression1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. A crafted input can cause segmentation faults, leading to denial-of-service attacks, as demonstrated by c++filt...

6.5CVSS7.1AI score0.02663EPSS

Exploits1References2

Nuclei•added 5 days ago•8 views

CP Image Store with Slideshow <= 1.0.67 - SQL Injection

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...

9.8CVSS7.3AI score0.1036EPSS

Exploits2References3

NVD•added 2026/06/15 2:16 p.m.•9 views

CVE-2016-20067

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS0.00116EPSS

Exploits0References2

NVD•added 2026/06/15 2:16 p.m.•7 views

CVE-2016-20066

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS0.00192EPSS

Exploits0References2

Cvelist•added 2026/06/15 12:0 p.m.•29 views

CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery

5.3CVSS0.00116EPSS

Exploits0References2

EUVD•added 2026/06/15 12:0 p.m.•6 views

EUVD-2016-10880

5.3CVSS5.2AI score0.00116EPSS

Exploits0References2

CVE•added 2026/06/15 12:0 p.m.•8 views

CVE-2016-20067

CVE-2016-20067 : WordPress CP Polls 1.0.8 contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized poll operations on behalf of an authenticated administrator. An attacker can craft a malicious HTML page; when an admin visits it while logged in, t...

5.3CVSS5.3AI score0.00116EPSS

Exploits0References2

Vulnrichment•added 2026/06/15 12:0 p.m.•4 views

CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

7.2CVSS5.3AI score0.00192EPSS

Exploits0References2

CVE•added 2026/06/15 12:0 p.m.•8 views

CVE-2016-20066

WordPress CP Polls 1.0.8 is affected by a persistent cross-site scripting (XSS) vulnerability via unsanitized file upload functionality. Attackers can upload files containing script payloads (e.g., onerror handlers) to execute arbitrary JavaScript in the browsers of users viewing the affected con...

7.2CVSS5.4AI score0.00192EPSS

Exploits0References2

NVD•added 2026/06/15 8:16 a.m.•10 views

CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS0.00159EPSS

Exploits0References1

EUVD•added 2026/06/15 6:0 a.m.•8 views

EUVD-2026-36700

5.4CVSS5.2AI score0.00159EPSS

Exploits0References1

Cvelist•added 2026/06/15 12:0 a.m.•26 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS

Exploits1References1

Tenable Nessus•added 2026/06/13 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...

6.1CVSS6AI score0.00108EPSS

Exploits0References3

NVD•added 2026/06/12 7:16 p.m.•9 views

CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS0.00104EPSS

Exploits0References1