16 matches found

NVD
added 2026/05/08 6:16 a.m., 8 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

7.3 CVSS, 0.59548 EPSS
Exploits: 3, References: 3

RedhatCVE
added 2026/03/26 3:1 p.m., 1 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5 CVSS, 6 AI score, 0.00181 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/14 12:2 p.m., 5 views

CVE-2025-41080

A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parameter 'p' in '/api/v2.1/repos/repoid/file/', leading to a stored Cross-Site Scripting (XSS). Mitigation: Restrict network access to the...

6.1 CVSS, 6.5 AI score, 0.00027 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49018

Name of the Vulnerable Software and Affected Versions: Seafile version 12.0.10. Description: A stored Cross-Site Scripting (XSS) issue exists in Seafile. This allows an attacker to execute arbitrary code in a victim’s browser. The issue is caused by storing malicious payloads with the POST parameter p...

6.1 CVSS, 6.6 AI score, 0.00027 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2025/11/11 12:0 a.m., 2 views

PT-2025-46657

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A path traversal issue exists that could lead to elevated system access. This occurs when a Web Admin user on the local network manipulates the POST /REST/UpdateJRE request payload. The issue involve...

7.3 CVSS, 6 AI score, 0.00024 EPSS
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-24591

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.00141 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/08/13 12:0 a.m., 1 views

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and potentially lead to a Denial...

7.5 AI score, 0.00141 EPSS
Exploits: 1, References: 1

CVE
added 2025/08/13 12:0 a.m., 12 views

CVE-2025-50614

Netis WF2880 v2.1.40207 is affected by a buffer overflow in the FUN_0047151c function of cgitest.cgi. Exploitation is triggered by controlling wds_set in the payload, potentially crashing the program and enabling a Denial of Service (DoS). Multiple sources (CNVD, Red Hat, NVD, CVE list, CNNVD, et...

7.5 CVSS, 7.5 AI score, 0.00141 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2024/05/30 3:15 p.m., 0 views

CVE-2024-35504

A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt...

5.4 CVSS, 5.9 AI score
Exploits: 0, References: 1

ATTACKERKB
added 2023/12/14 3:15 p.m., 0 views

CVE-2023-50566

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...

5.4 CVSS, 6.2 AI score, 0.00183 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/08/28 12:0 a.m., 7 views

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

8.8 AI score, 0.02108 EPSS
Exploits: 1, References: 2

CNNVD
added 2022/10/28 12:0 a.m., 2 views

seccome Ehoney SQL Injection Vulnerability

seccome Ehoney is a secure, fast, highly interactive, enterprise-grade honeypot management system open-sourced by China's seccome. seccome Ehoney has a security vulnerability that stems from an unknown function of the file /api/v1/bait/set, where operating on the Payload parameter leads to...

9.8 CVSS, 8.4 AI score, 0.00189 EPSS
Exploits: 0, References: 3

CNVD
added 2018/11/28 12:0 a.m., 1 views

Xiaomi Mi Router 3 Command Injection Vulnerability

Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A system command injection vulnerability exists in the requestmitv endpoint in Xiaomi Mi Router 3 version 2.22.15. The vulnerability can be exploited to execute arbitrary system commands with the 'payload' URL parameter...

9 CVSS, 9.3 AI score, 0.2042 EPSS
Exploits: 1, References: 1

OSV
added 2018/11/27 8:29 p.m., 1 views

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

8.8 CVSS, 6 AI score
Exploits: 0, References: 1

0day.today
added 2016/02/15 12:0 a.m., 21 views

Tiny Tiny RSS - Blind SQL Injection

Exploit for php platform in category web applications. Exploit Title: Tiny Tiny RSS Blind SQL Injection; Date: 15-02-2016; Software Link: http://tt-rss.org/; Exploit Author: Kacper Szurek; Contact: http://twitter.com/KacperSzurek; Website: http://security.szurek.pl/; Category: webapps. 1. Description...

7.1 AI score
Exploits: 0

0day.today
added 2013/07/23 12:0 a.m., 41 views

Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability

This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...

6 CVSS, 7 AI score, 0.60925 EPSS
Exploits: 5