CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

231554 matches found

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.01071EPSS

Exploits1References5

Nuclei•added 9 hours ago•75 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.2AI score0.02582EPSS

Exploits1References5

Nuclei•added 9 hours ago•19 views

Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion

Razer Sila Gaming Router 2.0.441api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files. id: CVE-2022-29014 info: name: Razer Sila Gaming Router 2.0.441api-2.0.418 - Local File Inclusion author: edoardottt severity: high description: Razer Sila Gaming...

7.5CVSS7.2AI score0.10612EPSS

Exploits1References5

Nuclei•added 9 hours ago•34 views

CopyParty v1.8.6 - Cross Site Scripting

Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting XSS Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link...

6.3CVSS6.6AI score0.06195EPSS

Exploits3References5

Nuclei•added 9 hours ago•55 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS6.9AI score0.02268EPSS

Exploits1References2

Nuclei•added 9 hours ago•29 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.4AI score0.57735EPSS

Exploits5References5

Nuclei•added 9 hours ago•37 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.3AI score0.01116EPSS

Exploits1References3

Nuclei•added 9 hours ago•28 views

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

6.1CVSS6.2AI score0.07652EPSS

Exploits1References3

Nuclei•added 9 hours ago•22 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6AI score0.14847EPSS

Exploits1References5

Nuclei•added yesterday•120 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.9AI score0.75088EPSS

Exploits0References5

Nuclei•added yesterday•29 views

Revive Adserver 5.4.1 - Cross-Site Scripting

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...

6.1CVSS6.3AI score0.01983EPSS

Exploits1References2

Nuclei•added yesterday•116 views

ECShop 4.1.0 - SQL Injection

ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. id: CVE-2021-41460 info: name: ECShop 4.1.0 - SQL Injection author: SleepingBag945 severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited ...

7.5CVSS7.2AI score0.05521EPSS

Exploits0References2

Nuclei•added yesterday•92 views

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

5CVSS6.1AI score0.08761EPSS

Exploits1References5

Nuclei•added yesterday•23 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7.2AI score0.39391EPSS

Exploits4References5

CVE•added 6 days ago•36 views

CVE-2024-24709

CVE-2024-24709 targets the WordPress Shareaholic plugin, affecting versions up to 9.7.11. The root cause is a missing Authorization check on accept_terms_of_service, enabling a user with subscriber-level privileges (or higher) to exploit broken access control. The vulnerability is classified as M...

4.3CVSS8.4AI score0.00192EPSS

Exploits0References1

Nuclei•added 2026/06/16 7:13 a.m.•78 views

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

9.8CVSS8.7AI score0.99442EPSS

Exploits7References6

CVE•added 2026/06/11 10:43 a.m.•66 views

CVE-2022-47150

CVE-2022-47150 concerns CSRF in WordPress plugins referencing WooCommerce Conversion Tracking. Affected product: WooCommerce Conversion Tracking plugin for WordPress, versions up to and including 2.0.10. Underlying issue: Cross-Site Request Forgery, enabling unauthenticated or unauthorized action...

4.3CVSS5.4AI score0.00113EPSS

Exploits0References1

CVE•added 2026/06/11 9:50 a.m.•66 views

CVE-2022-44630

The CVE-2022-44630 entry pertains to the WordPress plugin YITH WooCommerce Product Slider Carousel (vulnerable:

4.6CVSS5.4AI score0.00162EPSS

Exploits0References1

CVE•added 2026/06/11 9:47 a.m.•36 views

CVE-2022-42479

CVE-2022-42479 concerns a Broken Access Control in WordPress Soledad premium theme versions

5.4CVSS5.5AI score0.00283EPSS

Exploits0References1

CVE•added 2026/06/11 7:3 a.m.•10673 views

CVE-2023-33999

Technical details on CVE-2023-33999 are not provided in the supplied documents. Please monitor for updates from vendors/security advisories before assessing impact, affected products, or fixes.

7.1CVSS7.8AI score0.00284EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by