CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1161 matches found

OSV•added 2025/12/19 9:30 p.m.•1 views

GHSA-CV8H-R7R5-VWJ9 Kimai contains a SameSite cookie vulnerability

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

9.8CVSS5.5AI score0.00146EPSS

Exploits1References4

Vulnrichment•added 2025/12/15 8:28 p.m.•1 views

CVE-2023-53871 Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

6.9CVSS7AI score0.00434EPSS

Exploits1References4

EUVD•added 2025/10/21 12:0 a.m.•1 views

EUVD-2025-35195

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a...

7.2CVSS6.3AI score0.00193EPSS

Exploits1References2

OSV•added 2025/10/16 6:15 p.m.•0 views

CVE-2025-34514

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...

8.8CVSS6AI score0.00316EPSS

Exploits3References3

EUVD•added 2025/10/16 5:56 p.m.•2 views

EUVD-2025-34802

8.7CVSS7.6AI score0.00316EPSS

Exploits3References4