CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added yesterday•5 views

EUVD-2026-38290

4.8CVSS6AI score

Cvelist•added 5 days ago•32 views

CVE-2026-12044 pgAdmin 4: SQL injection in COMMENT ON ... IS '<description>' rendering across dialog templates

SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...

8.8CVSS

Exploits0References3

Positive Technologies•added 5 days ago•11 views

PT-2026-50810

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 1.0 through 9.15 Description SQL injection is possible across multiple dialog templates that render descriptions for Domains, Foreign Tables, Languages, and Event Triggers, as well as the Views OID-lookup query. The issue...

8.8CVSS6.3AI score

Exploits0References8

Cvelist•added 2026/06/09 9:9 p.m.•30 views

CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS0.0035EPSS

Exploits1References3

NVD•added 2026/06/02 3:16 a.m.•10 views

CVE-2026-10567

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS0.00237EPSS

Exploits0References9

NVD•added 2026/05/16 4:16 p.m.•10 views

CVE-2020-37237

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS0.00239EPSS

EUVD•added 2026/05/16 3:26 p.m.•10 views

EUVD-2021-34836

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

5.4CVSS5.9AI score0.00178EPSS

CVE•added 2026/05/16 3:25 p.m.•11 views

CVE-2020-37237

Summary : CVE-2020-37237 affects Composr CMS 10.0.34. A persistent cross-site scripting (XSS) flaw exists in the banner management interface, enabling authenticated administrators to inject scripts via the Description field in Add banner. Payloads executed for all visitors when they access the ho...

6.4CVSS5.7AI score0.00239EPSS

Vulnrichment•added 2026/05/16 3:25 p.m.•8 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

6.4CVSS5.7AI score0.00239EPSS

EUVD•added 2026/05/16 3:25 p.m.•7 views

EUVD-2020-31241

6.4CVSS5.7AI score0.00239EPSS

NVD•added 2026/05/11 8:25 p.m.•10 views

CVE-2026-42870

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...

6.4CVSS0.00281EPSS

EUVD•added 2026/05/11 6:32 p.m.•8 views

EUVD-2026-29185

6.4CVSS5.8AI score0.00281EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•13 views

PT-2026-39735

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profile funcionario.php?id funcionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving...

6.4CVSS5.8AI score0.00281EPSS

CNNVD•added 2026/05/11 12:0 a.m.•5 views

WeGIA 跨站脚本漏洞

WeGIA is a web manager for welfare institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Description field in the funcionario/profilefuncionario.php endpoint not being cleaned properly, which...

6.4CVSS5.6AI score0.00281EPSS

CNNVD•added 2026/04/25 12:0 a.m.•6 views

BDCOM P3310D 跨站脚本漏洞

The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from the operation of the Description parameter in the rmon...

4.8CVSS5.6AI score0.00245EPSS

Cvelist•added 2026/04/13 6:10 p.m.•16 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS0.00161EPSS

Exploits1References2

CNNVD•added 2026/04/07 12:0 a.m.•5 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of values for the Name and Description fields in the PropertyTypeEditor.php file, which could lead ...

8.1CVSS5.9AI score0.00226EPSS