CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

292 matches found

CVE-2026-10559

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be us...

6.5CVSS0.00046EPSS

Exploits0References6

ATTACKERKB•added 2026/02/27 5:23 p.m.•3 views

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS6AI score0.00098EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/01/09 12:27 p.m.•7 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

7.2CVSS7.5AI score0.00124EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:7 p.m.•4 views

CVE-2018-6354

templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the next parameter...

6.1CVSS6AI score0.00223EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:40 a.m.•5 views

CVE-2022-35560

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.94122 version, which can be exploited by attackers to cause a denial of service DoS via the index parameter...

7.5CVSS7.1AI score0.00391EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:12 a.m.•7 views

CVE-2019-11399

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the getset.ccp lanHostCfgHostName1.1.1.0.0 parameter...

10CVSS7.6AI score0.042EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:55 a.m.•4 views

CVE-2020-12058

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...

6.1CVSS6.7AI score0.0045EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:54 a.m.•4 views

CVE-2020-23978

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"...

9.8CVSS8AI score0.01137EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•6 views

CVE-2020-10221

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter...

9CVSS9AI score0.91391EPSS

Exploits5References1