CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2734 matches found

Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

9.8CVSS6.1AI score0.02988EPSS

Exploits2References2

NVD•added 2026/06/19 6:16 p.m.•8 views

CVE-2019-25759

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...

7.1CVSS0.00221EPSS

Exploits0References4

NVD•added 2026/06/19 6:16 p.m.•9 views

CVE-2019-25758

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS

Exploits0References4

CVE•added 2026/06/19 5:38 p.m.•12 views

CVE-2019-25759

The CVE-2019-25759 entry describes an SQL injection in Joomla! component vbizz 1.0.7 where an authenticated attacker can craft the payid parameter to execute arbitrary SQL via POST to the employee management interface, potentially exposing database version and names. The provided sources confirm ...

7.1CVSS6.3AI score0.00221EPSS

Exploits0References4

Cvelist•added 2026/06/19 5:38 p.m.•18 views

CVE-2019-25759 Joomla! Component vBizz 1.0.7 SQL Injection

7.1CVSS0.00221EPSS

Exploits0References4

EUVD•added 2026/06/19 5:35 p.m.•5 views

EUVD-2019-20194

8.8CVSS6.4AI score0.0067EPSS

Exploits0References4

ATTACKERKB•added 2026/06/19 5:35 p.m.•4 views

CVE-2019-25758

8.8CVSS6.4AI score0.0067EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/06/19 12:0 a.m.•14 views

PT-2026-50995

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...

7.1CVSS6.2AI score0.00221EPSS

Exploits0References8

Positive Technologies•added 2026/06/19 12:0 a.m.•13 views

PT-2026-50994

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...

8.8CVSS6.4AI score0.0067EPSS

Exploits0References8

EUVD•added 2026/06/16 9:32 p.m.•11 views

EUVD-2026-37205

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...

7.4CVSS5.5AI score0.00149EPSS

Exploits0References2

NVD•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-12425

7.4CVSS0.00149EPSS

Exploits0References1

CVE•added 2026/06/16 6:34 p.m.•11 views

CVE-2026-12425

CVE-2026-12425 is a reflected/DOM-based XSS in PowerSchool Employee Access Center 23.10. The issue allows injection of JavaScript after the login URL that can be eval()’d in the user’s browser context, enabling an attacker to run code with the user’s privileges. The CVSS metrics indicate network ...

7.4CVSS5.5AI score0.00149EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/16 6:34 p.m.•22 views

CVE-2026-12425 Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10

7.4CVSS0.00149EPSS

Exploits0References1

Positive Technologies•added 2026/06/16 12:0 a.m.•12 views

PT-2026-49825

Name of the Vulnerable Software and Affected Versions PowerSchool Employee Access Center version 23.10 Description Improper Neutralization of Input During Web Page Generation allows Cross-Site Scripting XSS, a flaw where malicious scripts are injected into otherwise trusted websites. An attacker...

7.4CVSS5.9AI score0.00149EPSS

Exploits0References4

RedhatCVE•added 2026/06/08 8:58 a.m.•11 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00193EPSS

Exploits0References1

Nuclei•added 2026/06/08 5:28 a.m.•13 views

PrestaShop - Information Disclosure

User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote attackers to obtain administrators user email addresses via manipulation of the idemployee and resettoken parameters. An attacker who has access to the Back Office login URL can trigger the...

3.7CVSS5.3AI score0.00755EPSS

Exploits1References3

ATTACKERKB•added 2026/06/07 3:45 a.m.•6 views

CVE-2026-11453

6.5CVSS5.3AI score0.00193EPSS

Exploits0References5Affected Software1