CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

274274 matches found

Packet Storm•added 2026/04/13 12:0 a.m.•96 views

📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference

WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...

8.8CVSS5.8AI score0.00331EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•68 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxselect.php. CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxselect.php componenti endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69214 | | Severity | HIGH | | Advisory |...

8.8CVSS5.9AI score0.00423EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•67 views

📄 Cockpit CMS 2.13.5 NoSQL Injection

Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the Mongolite query engine without stripping MongoDB operators. Authenticated users can bypass intended query filters and perform boolean-based blind queri...

5.8AI score

Exploits0

Packet Storm•added 2026/04/13 12:0 a.m.•75 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...

8.8CVSS5.9AI score0.00381EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•100 views

📄 ChurchCRM 6.4.0 Cross Site Scripting

ChurchCRM versions 6.4.0 and below suffer from persistent cross site scripting vulnerability in group role name assignment. CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Overview | Field | Details | |---|---| | CVE ID | CVE-2025-67876 | | Severity ...

9.3CVSS5.2AI score0.00165EPSS

Exploits2

Packet Storm•added 2026/04/13 12:0 a.m.•81 views

📄 FacturaScripts SQL Injection

FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the API ORDER BY clause. CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER BY Clause Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25513 | | Severity | HIGH | | Advisory | View...

8.8CVSS6.2AI score0.00473EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•78 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...

8.7CVSS5.9AI score0.00356EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•60 views

📄 Pachno 1.0.6 Cross Site Request Forgery

Pachno version 1.0.6 suffers from a cross site request forgery vulnerability. Pachno 1.0.6 Cross-Site Request Forgery Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly known as...

5.2AI score

Exploits0

Packet Storm•added 2026/04/13 12:0 a.m.•147 views

📄 Shopware Improper Control

Shopware versions greater than or equal to 6.7.0.0 and less than 6.7.6.1 has an improper control related to Twig rendered views. CVE-2026-23498: Shopware Has Improper Control of Generation of Code in Twig rendered views Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23498 | | Severity...

7.2CVSS7.2AI score0.00407EPSS

Exploits1

Packet Storm•added 2026/04/13 12:0 a.m.•80 views

📄 WBCE CMS 1.6.4 SQL Injection

WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...

9.4CVSS5.9AI score0.00462EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•72 views

📄 EGroupware SQL Injection

EGroupware versions prior to 23.1.20260113 and greater than or equal to 26.0.20251208 but less than 26.0.20260113 are affected by a remote SQL injection vulnerability in the Nextmatch filter processing. CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing Overview | Field |...

8.8CVSS5.9AI score0.0036EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•106 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Stampe module. CVE-2025-69215: OpenSTAManager has an SQL Injection in the Stampe Module Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69215 | | Severity | HIGH | | Advisory | View Advisory...

8.8CVSS5.9AI score0.00374EPSS

Exploits3

Packet Storm•added 2026/04/13 12:0 a.m.•97 views

📄 TypiCMS Cross Site Scripting

TypiCMS versions prior to 16.1.7 suffer from a persistent cross site scripting via SVG file uploads. CVE-2026-27621: TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload Overview | Field | Details | |---|---| | CVE ID | CVE-2026-27621 | | Severity | MEDIUM | | Advisory | View...

6.8CVSS5.2AI score0.00188EPSS

Exploits2