CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/29 5:54 a.m.•14 views

CVE-2026-9493

CVE-2026-9493 concerns BankPro E-Service Technology’s Service Center, which contains an Insecure Direct Object Reference vulnerability. Authenticated remote attackers can alter a parameter in a specific query function to access other users’ EC order details. The issue exposes sensitive confidenti...

7.1CVSS5.8AI score0.00259EPSS

Exploits0References2

6.5CVSS6.7AI score0.04341EPSS

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the peerPin parameter in the goform/formWPS file, which allows for command execution by remote attacker...

Exploits1References4

ATTACKERKB•added 2026/05/29 12:0 a.m.•7 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

5.9AI score0.00241EPSS

CNNVD•added 2026/05/29 12:0 a.m.•8 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

4.3CVSS5.9AI score0.00211EPSS

Exploits0References1

8.8CVSS5.9AI score0.00334EPSS

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the namakelompok POST parameter, which may allow...

8.8CVSS5.9AI score0.00334EPSS

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...

5.4CVSS5.7AI score0.00215EPSS

WikidForum 跨站脚本漏洞

WikidForum is an open-source web-based forum management system developed by WikidForum. Version 2.20 of WikidForum has a cross-site scripting vulnerability. This vulnerability stems from the use of the replytext parameter to submit specially crafted HTML. As a result, authenticated attackers may...

7.1CVSS5.9AI score0.00565EPSS

Naviwebs Navigate CMS 路径遍历漏洞

Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.5 of Naviwebs Navigate CMS, there is a path traversal vulnerability. This vulnerability stems from the injection of directory traversal sequences in the id parameter, which may allow...

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Open ISES Project SQL注入漏洞

CNNVD•added 2026/05/29 12:0 a.m.•7 views

JetBrains TeamCity 参数注入漏洞

8.8CVSS6.2AI score0.00411EPSS

Exploits0References1

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44900

5.9AI score0.00241EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44755

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS

Exploits1References4

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ticklat and tickln...

Positive Technologies•added 2026/05/29 12:0 a.m.•7 views

PT-2026-44880

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc types graph.php with crafted SQL payloads to extract sensitive...