CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

292 matches found

NVD•added 2026/06/02 2:16 a.m.•7 views

CVE-2026-10559

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be us...

6.5CVSS0.00227EPSS

Exploits0References6

ATTACKERKB•added 2026/02/27 5:23 p.m.•3 views

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS6AI score0.00315EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/01/09 12:27 p.m.•8 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

7.2CVSS7.5AI score0.01626EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:7 p.m.•6 views

CVE-2018-6354

templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the next parameter...

6.1CVSS6AI score0.00763EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:40 a.m.•7 views

CVE-2022-35560

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.94122 version, which can be exploited by attackers to cause a denial of service DoS via the index parameter...

7.5CVSS7.1AI score0.00889EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:12 a.m.•10 views

CVE-2019-11399

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the getset.ccp lanHostCfgHostName1.1.1.0.0 parameter...

10CVSS7.6AI score0.0304EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:55 a.m.•5 views

CVE-2020-12058

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...

6.1CVSS6.7AI score0.00952EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:54 a.m.•5 views

CVE-2020-23978

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"...

9.8CVSS8AI score0.02129EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•7 views

CVE-2020-10221

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter...

9CVSS9AI score0.36754EPSS

Exploits5References1