CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/03/23 2:24 p.m.•1 views

Exploits0References5

CVE-2026-4590

Exploits0References4Affected Software1

CVE•added 2026/03/23 2:24 p.m.•3 views

CVE-2026-4590

CVE-2026-4590 affects kalcaddle kodbox 1.64. The vulnerable element is the loginSubmit API component, specifically an unknown function in /workspace/source-code/plugins/oauth/controller/bind/index.class.php. Manipulating the argument third enables cross-site request forgery (CSRF). The issue is e...

Vulnrichment•added 2026/03/23 2:24 p.m.•0 views

CVE-2026-4590 kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

CNNVD•added 2026/03/23 12:0 a.m.•3 views

Kalcaddle Kodbox 安全漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the 1.64 version of Kalcaddle Kodbox. This vulnerability stems from incorrect handling of the parameter “third” in the component loginSubmit...

3.1CVSS5.6AI score0.0002EPSS

EUVD•added 2025/12/31 12:31 a.m.•1 views

EUVD-2022-55927

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

7.5CVSS6.3AI score0.00035EPSS

Exploits1References5

Positive Technologies•added 2025/12/30 12:0 a.m.•2 views

PT-2025-54247

Name of the Vulnerable Software and Affected Versions H3C SSL VPN affected versions not specified Description The software contains a user enumeration issue. An attacker can identify valid usernames by submitting different usernames to the /login submit.cgi API endpoint via the txtUsrName POST...

7.5CVSS6.5AI score0.00035EPSS

Exploits1References6

RedhatCVE•added 2025/10/28 4:9 a.m.•5 views

CVE-2025-12215

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

9.8CVSS7.2AI score0.00034EPSS

Exploits1References1

NVD•added 2025/10/27 4:15 a.m.•2 views

CVE-2025-12215

9.8CVSS0.00034EPSS

OSV•added 2025/10/27 4:15 a.m.•0 views

CVE-2025-12215

9.8CVSS5.8AI score

Cvelist•added 2025/10/27 4:2 a.m.•8 views

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

7.5CVSS0.00034EPSS

Vulnrichment•added 2025/10/27 4:2 a.m.•3 views

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

7.5CVSS7.2AI score0.00034EPSS

Positive Technologies•added 2025/10/27 12:0 a.m.•3 views

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...

9.8CVSS7.1AI score0.00034EPSS

Exploits1References11

CNNVD•added 2025/10/27 12:0 a.m.•2 views

Projectworlds Online Shopping System SQL注入漏洞

Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Shopping System version 1.0, which stems from a misuse of the parameter keywords in the file /loginsubmit.php, which could lead t...

9.8CVSS7.8AI score0.00034EPSS