
77 matches found

Vulnrichment
added 2026/02/18 9:10 p.m. | 1 view

CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...

CVSS 8.7 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/18 12:0 a.m. | 3 views

PT-2026-20517

MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...

CVSS 8.7 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 3
CVE
added 2025/12/20 3:20 a.m. | 6 views

CVE-2025-14168

CVE-2025-14168 concerns the WordPress plugin WP DB Booster. The issue is a Cross-Site Request Forgery (CSRF) vulnerability on the cleanup_all AJAX action, present in versions up to and including 1.0.1. The flaw allows unauthenticated attackers to trigger actions that delete database records such ...

CVSS 4.3 | AI score 5 | EPSS 0.00011
Exploits: 0 | References: 3
OSV
added 2025/12/14 4:15 a.m. | 2 views

CVE-2025-67896

Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 5
OSV
added 2025/12/11 5:1 p.m. | 2 views

GHSA-9449-RPHM-MJQR AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...

CVSS 3.1 | AI score 6.5 | EPSS 0.00047
Exploits: 1 | References: 4
Veracode
added 2025/11/27 9:40 a.m. | 3 views

SQL Injection

melisplatform/melis-cms is vulnerable to SQL injection. The vulnerability is due to improper validation of the idPage parameter in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint, which allows an attacker to retrieve, create, update, or delete database records through crafted SQL queries...

CVSS 9.3 | AI score 7.5 | EPSS 0.00014
Exploits: 2 | References: 4 | Affected Software: 1
OSV
added 2025/10/12 3:15 a.m. | 2 views

CVE-2025-31997

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files...

CVSS 7.5 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-4231

Malware in sbrugna...

CVSS 4 | AI score 6.3 | EPSS 0.00565
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-15541

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00237
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-0407

Malware in sbrugna...

CVSS 5.4 | AI score 5.3 | EPSS 0.00206
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-5300

Malware in sbrugna...

CVSS 5 | AI score 6.3 | EPSS 0.00537
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-5454

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.00129
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-33812

Malicious code in bioql PyPI...

CVSS 10 | AI score 9 | EPSS 0.00107
Exploits: 0 | References: 1
Packet Storm
added 2024/09/11 12:0 a.m. | 652 views

VICIdial 2.14-917a SQL Injection

KL-001-2024-011: VICIdial Unauthenticated SQL Injection Title: VICIdial Unauthenticated SQL Injection Advisory ID: KL-001-2024-011 Publication Date: 2024-09-10 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt 1. Vulnerability Details Affected Vendor: VICIdial Affect...

CVSS 9.8 | AI score 7 | EPSS 0.93095
Exploits: 10
OSV
added 2024/06/07 5:19 p.m. | 10 views

GHSA-C5MJ-39CF-3PP5 TYPO3 Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

CVSS 7.3 | AI score 7.3
Exploits: 0 | References: 5
Github Security Blog
added 2024/06/07 5:19 p.m. | 13 views

TYPO3 Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

AI score 7.3
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2024/06/03 7:21 a.m. | 9 views

Insecure Credential Storage

typo3/cms-core is vulnerable to Insecure Credential Storage. The vulnerability is due to the persistence of database records containing insecure or empty credentials when certain changes are made to user account types in the TYPO3 backend, which allows an attacker to cause insecure or empty...

AI score 7
Exploits: 0
Vulnrichment
added 2024/06/03 6:26 a.m. | 10 views

CVE-2024-5311 DigiWin EasyFlow .NET - SQL Injection

DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records...

CVSS 9.8 | AI score 8 | EPSS 0.00687
Exploits: 0 | References: 1
Cvelist
added 2024/06/03 6:26 a.m. | 19 views

CVE-2024-5311 DigiWin EasyFlow .NET - SQL Injection

DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records...

CVSS 9.8 | AI score 9.9 | EPSS 0.00687
Exploits: 0 | References: 1
OSV
added 2024/05/30 3:39 p.m. | 14 views

GHSA-RXC9-F2X6-QH4W TYPO3 Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 5