12 matches found
EUVD-2020-10370
Malware in sbrugna...
CVE-2022-36510
H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...
GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...
CVE-2024-48228
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...
CVE-2022-36510
H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...
Command injection
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...
CVE-2022-36509
H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...
PT-2022-23784 · H3C · H3C Gr-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W version MiniGRW1A0V100R006 Description: A command injection issue was discovered via the param parameter at DelL2tpLNSList. Recommendations: For H3C GR-1200W version MiniGRW1A0V100R006, consider restricting access to the...
CVE-2017-11585
CVE-2017-11585 affects dayrui FineCMS 5.0.9 with remote PHP code execution through the param parameter in an action=cache request to libraries/Template.php, described as Eval Injection. The vulnerability allows an attacker to inject and execute arbitrary PHP code on the server. Exploitation and e...
CVE-2014-4516
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter...
CVE-2014-1603
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php...
CVE-2007-3572
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences)...