CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20294 matches found

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

5.3CVSS6.4AI score0.17118EPSS

Exploits0References5

Nuclei•added 13 hours ago•51 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.4AI score0.14558EPSS

Exploits4References5

Nuclei•added 13 hours ago•25 views

WordPress e-search <=1.0 - Cross-Site Scripting

WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via titleaz.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS

Exploits2References4

Nuclei•added 13 hours ago•33 views

WordPress e-search <=1.0 - Cross-Site Scripting

Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via dateselect.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.02897EPSS

Exploits2References3

Nuclei•added 13 hours ago•275 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7.2AI score0.70589EPSS

Exploits1References5

Nuclei•added 13 hours ago•22 views

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

7.5CVSS7.3AI score0.02941EPSS

Exploits2References3

Nuclei•added 13 hours ago•20 views

Welcart eCommerce <=2.7.7 - Local File Inclusion

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...

9.8CVSS7.3AI score0.05116EPSS

Exploits2References4

CVE•added yesterday•10 views

CVE-2026-10857

CVE-2026-10857 – Reflected XSS in AKINSoft e-Commerce Affected product: AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce.Vulnerability: Reflected Cross-Site Scripting due to improper neutralization of input during web page generation.Root cause: insufficient sanitization of...

6.1CVSS5.8AI score

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-38445

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•27 views

CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

6.1CVSS

Exploits0References1

Nuclei•added yesterday•146 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.2AI score0.32895EPSS

Exploits4References5

Nuclei•added yesterday•15 views

Diary Management System 1.0 - Cross-Site Scripting

Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php. id: CVE-2022-29004 info: name: Diary Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Diary Management System 1.0 contains a cross-sit...

6.1CVSS6.2AI score0.03453EPSS

Exploits1References5

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pairs only capable devices The use of devcom for OFFLOADS pairing is only possible on devices that support LAG. Filters are based on the device’s lag capabilities. This fix addresses an issue where...

5.5CVSS5.8AI score0.00239EPSS

Exploits0References2

NVD•added 2026/06/17 10:54 a.m.•6 views

CVE-2026-46973

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

8.8CVSS0.00402EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•5 views

CVE-2026-46971

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR...

7.5CVSS0.00247EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•5 views

CVE-2026-46976

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public...

7.2CVSS0.00339EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•5 views

CVE-2026-46961

Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS0.00402EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•6 views

CVE-2026-46960

Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

7.2CVSS0.00453EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•8 views

CVE-2026-46963

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9CVSS0.00402EPSS

Exploits0References1

NVD•added 2026/06/17 10:54 a.m.•6 views

CVE-2026-46965

8.8CVSS0.00402EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by