CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

RedhatCVE•added 2026/06/05 7:51 p.m.•7 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6.3CVSS5.9AI score0.01028EPSS

Exploits3References1

RedhatCVE•added 2026/05/11 8:27 p.m.•14 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS6AI score0.01549EPSS

Exploits4References1

NVD•added 2026/05/08 7:16 a.m.•8 views

CVE-2025-67887

9.8CVSS0.01549EPSS

Exploits4References6

CVE•added 2026/03/10 12:18 a.m.•7 views

CVE-2026-27687

CVE-2026-27687: A missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal allows a user with high privileges to access another company’s sensitive data. Root cause: lack of authorization validation. Impact: High confidentiality impact; no reported integrity or availabilit...

5.8CVSS5.8AI score0.00262EPSS

Exploits0References2

Cvelist•added 2026/02/03 4:56 p.m.•24 views

CVE-2026-24671 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS0.00182EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:44 a.m.•6 views

CVE-2022-0840

The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed...

4.8CVSS6.4AI score0.00577EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:54 a.m.•11 views

CVE-2025-1421

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...

2.4CVSS6.8AI score0.00214EPSS

Exploits0References1