CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

NVD•added 2026/04/29 8:16 p.m.•1 views

CVE-2018-25298

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS0.0002EPSS

Exploits0References3

ATTACKERKB•added 2026/02/03 10:1 p.m.•1 views

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3CVSS5.2AI score0.00041EPSS

Exploits0References3Affected Software1

NVD•added 2026/01/29 3:16 p.m.•5 views

CVE-2020-37007

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...

5.3CVSS0.00032EPSS

Exploits1References3

Veracode•added 2025/05/13 7:44 p.m.•6 views

Cross-site Scripting (XSS)

org.graylog2:graylog2-server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insecure input handling due to the ability to inject and submit malicious HTML forms via the Event Definition Remediation Step field, which can result in session cookie theft under specific...

8CVSS6.2AI score0.0014EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by