
79 matches found

Cvelist
added 2026/05/26 6:45 a.m. | 33 views

CVE-2026-8046 Incorrect Authorization in CODESYS Control

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

CVSS 8.1 | EPSS 0.00108
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/26 12:0 a.m. | 7 views

PT-2026-43198

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

CVSS 8.1 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/21 12:0 a.m. | 3 views

PT-2026-34006

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 3

Cvelist
added 2026/04/21 12:0 a.m. | 26 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

EPSS 0.00034
Exploits: 0 | References: 2

CNNVD
added 2026/02/25 12:0 a.m. | 4 views

WordPress plugin The Events Calendar authorization issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 5.4 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/21 4:30 a.m. | 2 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/02/19 8:30 p.m. | 3 views

Statamic affected by privilege escalation via stored cross-site scripting

Impact: Stored XSS vulnerability in html fieldtypes allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches: This has been fixed in 6.3.2 and 5.73.9...

CVSS 8.1 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/02/11 9:16 p.m. | 2 views

CVE-2026-25759

Statamic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

CVSS 8.7 | EPSS 0.00013
Exploits: 0 | References: 3

CNNVD
added 2026/01/28 12:0 a.m. | 1 views

StudioCMS security vulnerability

StudioCMS is an open source content management system. StudioCMS has an information disclosure vulnerability that stems from broken object-level authorization in the content management functionality, which can be exploited by an attacker to cause a user with...

CVSS 6.5 | AI score 5.8 | EPSS 0.00051
Exploits: 2 | References: 3

RedhatCVE
added 2026/01/09 11:20 a.m. | 8 views

CVE-2021-22314

There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...

CVSS 7.8 | AI score 6.7 | EPSS 0.00024
Exploits: 0 | References: 1

OSV
added 2025/12/09 12:2 p.m. | 3 views

BIT-GITLAB-2024-9183 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific...

CVSS 7.7 | AI score 6.7 | EPSS 0.00008
Exploits: 0 | References: 4

Debian CVE
added 2025/12/05 4:34 p.m. | 4 views

CVE-2024-9183

Removed by vendor...

CVSS 7.7 | AI score 6 | EPSS 0.00008
Exploits: 0

OSV
added 2025/10/30 5:47 p.m. | 3 views

CVE-2025-64112 Statamic vulnerable to Stored Cross-Site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

CVSS 8 | AI score 6 | EPSS 0.00037
Exploits: 0 | References: 4

EUVD
added 2025/10/30 5:47 p.m. | 2 views

EUVD-2025-37033

Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

CVSS 8 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 5

Positive Technologies
added 2025/10/14 12:0 a.m. | 2 views

PT-2025-41897

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 144; Firefox ESR versions prior to 115.29; Firefox ESR versions prior to 140.4; Thunderbird versions prior to 144; Thunderbird versions prior to 140.4. Description: A compromised web process could trigger out-of-bounds read...

CVSS 10 | AI score 8.7 | EPSS 0.19171
Exploits: 2 | References: 315

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-29901

Malware in sbrugna...

CVSS 6.7 | AI score 6.6 | EPSS 0.00023
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-26332

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00019
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-13942

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00381
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-42279

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00548
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-27893

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.8 | EPSS 0.00248
Exploits: 1 | References: 3