1200 matches found
CVE-2026-32954
ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...
CVE-2026-32954 ERP has a possibility SQL Injection vulnerability due to missing validation
ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...
Frappe SQL Injection Vulnerability
Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 16.8.0 and 15.100.0 have a SQL injection vulnerability. This vulnerability stems from insufficient parameter validation, which ma...
Taskosaur Security Vulnerability
Taskosaur is an open-source project management platform that integrates conversational AI. Version 1.0.0 of Taskosaur contains a security vulnerability; this vulnerability arises from incorrect validation of role parameters during the user registration process, which may lead to unauthorized...
ZimaOS Security Vulnerability
ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. ZimaOS version 1.5.2-beta3 contains a security vulnerability, which stems from insufficient validation of API path parameters. This...
CVE-2026-20102
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive,...
Cisco Secure Firewall Threat Defense Security Vulnerability
Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by the American company Cisco. There is a security vulnerability present in Cisco Secure Firewall Threat Defense, which stems from insufficient validation of command parameters provided by users. This vulnerability...
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Cross-Site Scripting Vulnerability
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
CVE-2025-50188
CVE-2025-50188 affects Chamilo LMS prior to version 1.11.30. The vulnerability arises from insufficient validation of user-supplied data in GET parameters for the scripts /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, enabling an attacker to alter database query log...
Chamilo SQL Injection Vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a SQL injection vulnerability. This vulnerability stemmed from insufficient validation of user data for the GET value parameters in the scripts /plugin/vchamilo/views/syncparams.php...
CVE-2026-3105 SQL Injection in Contact Activity API Sorting
Summary: This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated...
CVE-2026-1369
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
WordPress plugin Conditional CAPTCHA Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There are...
PT-2026-21418
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
SVXportal Security Vulnerability
SVXportal is a portal website developed by Peter, an individual developer. SVXportal versions 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation for the search query parameter in the admin/log.php file, which could lead to...
CVE-2026-1714
The CVE concerns the WordPress plugin ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules (All in One Solution). Affected versions: all up to and including 3.3.2. The vulnerability resides in the woolentor_suggest_price_action AJAX endpoint, where there is no validation on the ...
CVE-2026-1296 Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...
WordPress plugin ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...