62 matches found
EUVD-2007-6026
Malware in sbrugna...
EUVD-2008-6491
Malware in sbrugna...
EUVD-2016-0905
Malware in sbrugna...
EUVD-2023-47755
Malicious code in bioql PyPI...
EUVD-2023-29589
Malicious code in bioql PyPI...
CVE-2024-50650
pythonbook V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...
CVE-2023-47727
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089...
CVE-2024-50651
javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...
CVE-2024-40579
Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter...
CVE-2024-4894
ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information...
CVE-2023-5445
The CVE-2023-5445 open redirect affects Trellix ePolicy Orchestrator (ePO) before 5.10.0 CP1 Update 2. A low-privileged, authenticated user can modify a URL parameter to redirect requests to a malicious site, targeting the dashboard area. The vulnerability requires the attacker to alter the HTTP ...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 1. Add the following shortcode to a...
PT-2023-1472 · Wago · Wago Cc100 +3
Name of the Vulnerable Software and Affected Versions: WAGO PFC100/PFC200 (affected versions not specified); WAGO CC100 (affected versions not specified); WAGO Edge Controller (affected versions not specified); WAGO Touch Panel 600 (affected versions not specified)...
CVE-2022-43858 IBM Navigator for i information disclosure
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...
PT-2022-6832 · Ce805M · Ce805M
Name of the Vulnerable Software and Affected Versions: CE805M (affected versions not specified). Description: The issue is related to the incorrect management of code generation in the CMD W REG command handler of the CE A protocol implementation in the CE805M data collection and transmission device...
CVE-2022-26394
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man-in-the-middle attack that modifies parameters, making the network connection fail...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Trust Management Issue Vulnerability
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a trust management issue vulnerability that stems from the presence of multiple global defaul...
CVE-2022-2234
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system...