CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 5 days ago•4 views

CVE-2016-20079 WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php

6.9CVSS5.4AI score0.00778EPSS

EUVD•added 5 days ago•6 views

EUVD-2016-10891

6.9CVSS5.4AI score0.00778EPSS

Cvelist•added 5 days ago•26 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS

Vulnrichment•added 5 days ago•4 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

8.8CVSS6.1AI score0.0027EPSS

Cvelist•added 5 days ago•26 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS0.0027EPSS

EUVD•added 5 days ago•5 views

EUVD-2016-10884

8.8CVSS6.1AI score0.0027EPSS

Vulnrichment•added 5 days ago•4 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

8.8CVSS6.1AI score0.0027EPSS

EUVD•added 5 days ago•4 views

EUVD-2016-10881

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS6.1AI score0.0024EPSS

Vulnrichment•added 5 days ago•3 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

8.8CVSS6.1AI score0.0024EPSS

Cvelist•added 5 days ago•28 views

CVE-2026-34026 Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...

7.1CVSS0.00394EPSS

Exploits1References2

CVE•added 5 days ago•8 views

CVE-2026-34026

CVE-2026-34026 concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The vulnerability is a path traversal in the /safe/selfservice/openselfservicedocument endpoint, where the application builds a file path from attacker-controlled input in the documentName parameter withou...

7.1CVSS5.5AI score0.00394EPSS

Exploits1References2

CVE•added 5 days ago•9 views

CVE-2026-12219

CVE-2026-12219 concerns Yealink SIP-T46U (108.86.0.118) involving the Web FastCGI Service. The vulnerable element is the function mod_diagnose.CommandShellByType in /api/diagnosis/start, where manipulating the Time argument leads to command injection. The flaw enables a remote attacker to execute...

6.5CVSS6.4AI score0.01519EPSS

Exploits0References5

Vulnrichment•added 5 days ago•6 views

CVE-2026-12218 Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS8.2AI score0.00371EPSS

Exploits0References5

NVD•added 5 days ago•10 views

CVE-2026-12200

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS0.00324EPSS

Exploits0References5

Cvelist•added 5 days ago•26 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

0.01046EPSS

Cvelist•added 5 days ago•25 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS

Exploits1References1

Cvelist•added 5 days ago•24 views

CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

0.01046EPSS

Cvelist•added 5 days ago•28 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

0.00321EPSS

Cvelist•added 5 days ago•25 views

CVE-2026-38063

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

0.01046EPSS