
10 matches found

NVD
added 2026/04/08 10:16 p.m. | 2 views

CVE-2026-40027

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

8.4 CVSS | 0.00005 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25618

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00047 EPSS
Exploits 0 | References 2
CVE
added 2025/09/24 5:25 p.m. | 10 views

CVE-2025-48867

CVE-2025-48867 describes a stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0. The issue allows authenticated admin/privileged users to inject malicious JavaScript into multiple fields in the Project and Task modules; payloads are stored in the database and execute when viewed b...

4.8 CVSS | 5.3 AI score | 0.00063 EPSS
Exploits 1 | References 1 | Affected Software 1
RedhatCVE
added 2025/08/24 7:26 p.m. | 4 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

8.8 CVSS | 7.5 AI score | 0.00047 EPSS
Exploits 0 | References 1
Cvelist
added 2025/08/22 6:56 p.m. | 7 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

8.8 CVSS | 0.00047 EPSS
Exploits 0 | References 2
CVE
added 2025/08/22 6:56 p.m. | 16 views

CVE-2025-6791

Centreon Web’s Monitoring event logs module is affected by an SQL Injection due to improper neutralization of special elements in an SQL command. An authenticated, low-privilege attacker can modify HTTP requests to insert payloads into the database. Affected Centreon Web versions: 23.10.0–23.10.2...

8.8 CVSS | 7.1 AI score | 0.00047 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2021/09/22 1:15 p.m. | 0 views

CVE-2021-39404

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database...

4.8 CVSS | 5.8 AI score | 0.00479 EPSS
Exploits 1 | References 1
Exploit DB
added 2021/02/10 12:0 a.m. | 263 views

b2evolution 6.11.6 - 'plugin name' Stored XSS

Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS Date: 09/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...

4.8 CVSS | 5.4 AI score | 0.00445 EPSS
Exploits 2
Gitee
added 2020/09/14 1:38 p.m. | 2 views

Gopherus

This is a Python script for a tool called Gopherus, which is used to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...

6.9 AI score
Exploits 0
OSV
added 2019/05/14 3:29 p.m. | 1 views

CVE-2019-6514

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...

4.8 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits 0 | References 3