43 matches found
CVE-2026-1202
CVE-2026-1202 affects CRMEB up to version 5.6.3. The vulnerable element is the appleLogin function in crmeb/app/api/controller/v1/LoginController.php, where manipulating the openId argument results in improper authentication. This allows remote exploitation, and public-proof-of-concept exploits e...
CVE-2026-1202
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried out...
CVE-2025-15220
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...
CVE-2025-15220 SohuTV CacheCloud LoginController.java init cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...
CVE-2025-15220
SohuTV CacheCloud
CacheCloud code injection vulnerability
CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the init function in the file src/main/java/com/sohu/cache/web/controller/LoginController.java, which...
EUVD-2021-25162
Malware in sbrugna...
EUVD-2025-27151
Malicious code in bioql PyPI...
BIT-PRESTASHOP-2025-51586
An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature...
CVE-2021-38725
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php...
CVE-2017-14145
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATHINFO, related to the selectWarning function...
CVE-2024-28265
IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php...
IBOS security vulnerability
IBOS is a collaborative office management system open-sourced by IBOS China. A security vulnerability exists in IBOS version 4.5.5, which stems from an arbitrary file deletion vulnerability that can be triggered via \system\modules\dashboard\controllers\LoginController.php...
Feedbacksystem security vulnerability
Feedbacksystem is an application open-sourced by the Institute for Information Sciences. It uses artificial intelligence to provide smart, personalized feedback to students. A security vulnerability exists in feedbacksystem versions 1.5.0 through 1.19.2, which stems from LDAP user passwords being...
Design/Logic Flaw
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php...
Joomla 3.7.5 LDAP Injection Vulnerability
Exploit for php platform in category web applications. With over 84 million downloads, Joomla! is one of the most popular content management systems on the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown LDAP...
dayrui FineCms 'out' function cross-site scripting vulnerability
dayrui FineCms is a content management system (CMS) released by the Tianrui (dayrui) program design team in China, built on an MVC architecture and the PDO database interface. A cross-site scripting vulnerability exists in the 'out' function of the controllers/member/Login.php file in version 5.0.11 of...
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...