CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/11 12:0 a.m.•6 views

MuuCmf 安全漏洞

MuuCmf is an open-source application development framework created by Dameng100. Version MuuCMF T6 1.9.4.20260115 contains a security vulnerability. This vulnerability stems from the keyword parameter in the /index/controller/Search.php endpoint, which exposes a SQL injection vulnerability. It...

7.3CVSS6.3AI score0.0022EPSS

Cvelist•added 2026/05/11 12:0 a.m.•26 views

CVE-2026-36962

0.0022EPSS

CNNVD•added 2026/04/28 12:0 a.m.•4 views

JeecgBoot 注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...

6.5CVSS6.7AI score0.00043EPSS

Exploits0References1

CNNVD•added 2026/04/19 12:0 a.m.•4 views

MuuCmf 安全漏洞

MuuCmf is an open-source application development framework created by Dameng100. Version MuuCmf 1.9.5.20260309 contains a security vulnerability, which stems from the handling of the keyword parameter in the file/index/Search/index.html. This vulnerability may lead to SQL injection attacks...

7.5CVSS7.2AI score0.0004EPSS

EUVD•added 2026/04/09 9:31 p.m.•0 views

EUVD-2023-60557

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants...

NVD•added 2026/04/09 9:16 p.m.•1 views

CVE-2023-54362

6.1CVSS0.00036EPSS

CVE•added 2026/04/09 8:54 p.m.•6 views

CVE-2023-54362

Joomla VirtueMart Shopping-Cart 4.0.12 is affected by a reflected XSS in the keyword parameter of the product-variants endpoint. The vulnerability allows an attacker to craft a URL containing a script payload that, when visited by a user, executes arbitrary JavaScript in the victim’s browser and ...

Vulnrichment•added 2026/04/09 8:54 p.m.•3 views

CVE-2023-54362 Joomla VirtueMart Shopping-Cart 4.0.12 Reflected XSS via keyword

ATTACKERKB•added 2026/04/09 8:54 p.m.•2 views

CVE-2023-54362

Exploits0References4Affected Software1

Cvelist•added 2026/04/09 8:54 p.m.•16 views

CVE-2023-54362 Joomla VirtueMart Shopping-Cart 4.0.12 Reflected XSS via keyword

6.1CVSS0.00036EPSS

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31729

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31728

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter keyword GET parameter of the...

6.1CVSS6.2AI score0.00042EPSS

CNNVD•added 2026/03/26 12:0 a.m.•3 views

MuuCmf 代码注入漏洞

MuuCmf is an open-source application development framework created by Dameng100. Version muucmf 1.9.5.20260309 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters named "keyword" in the file channel/admin.Account/autoReply.html, which may lead t...

5.3CVSS5.7AI score0.00042EPSS

NVD•added 2026/03/16 8:16 p.m.•1 views

CVE-2026-30882

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...

6.1CVSS0.00013EPSS

Positive Technologies•added 2026/03/16 12:0 a.m.•1 views

PT-2026-25807

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $ REQUEST is echoed directly into an HTML href attribute without any encoding or...

6.1CVSS5.8AI score0.00013EPSS

Exploits0References3

CNNVD•added 2026/03/11 12:0 a.m.•3 views

weimai-wetapp SQL注入漏洞

Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...

5.8CVSS5.9AI score0.00041EPSS