CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

218 matches found

Positive Technologies•added 19 hours ago•4 views

PT-2026-46219

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add post.php. Performing a manipulation of the argument up file to post results in unrestricted upload. The attack may be initiated remotely. The exploit has...

6.5CVSS6.3AI score

Exploits0References7

NVD•added 2026/05/10 1:16 p.m.•4 views

CVE-2021-47924

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

6.4CVSS0.00047EPSS

Exploits0References4

Positive Technologies•added 2026/05/10 12:0 a.m.•8 views

PT-2026-39500

Name of the Vulnerable Software and Affected Versions Ultimate Product Catalog version 5.8.2 Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts. This is achieved by submitting POST requests to the 'post.php' endpoint using the price paramete...

6.4CVSS6AI score0.00047EPSS

Exploits0References8

NVD•added 2026/04/13 8:16 p.m.•1 views

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

6.5CVSS0.00036EPSS

Exploits0References5

CNNVD•added 2026/04/13 12:0 a.m.•4 views

Code-Projects Easy Blog Site SQL注入漏洞

Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of Code-Projects Easy Blog Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the post.php file, which may lead to SQL injection attac...

6.5CVSS6.6AI score0.00036EPSS

Exploits0References5

NVD•added 2026/04/05 9:16 p.m.•1 views

CVE-2019-25674

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

9.8CVSS0.00304EPSS

Exploits1References3

CVE•added 2026/04/05 8:45 p.m.•3 views

CVE-2019-25674

CMSsite 1.0 contains an SQL injection vulnerability exposed via the post parameter in post.php, allowing unauthenticated attackers to manipulate database queries and extract data or perform time-based blind SQLi. Exploitation details are supported by linked references (e.g., Exploit-DB). CVSS met...

9.8CVSS6AI score0.00304EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/04/05 8:45 p.m.•0 views

CVE-2019-25674 CMSsite 1.0 SQL Injection via post Parameter

8.8CVSS6AI score0.00304EPSS

Exploits1References3

Positive Technologies•added 2026/04/05 12:0 a.m.•3 views

PT-2026-30483

8.8CVSS6AI score0.00304EPSS

Exploits1References4

NVD•added 2026/02/03 10:16 p.m.•3 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS0.0013EPSS

Exploits1References3

Cvelist•added 2026/02/03 10:1 p.m.•24 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

8.8CVSS0.0013EPSS

Exploits1References3

ATTACKERKB•added 2026/02/03 10:1 p.m.•2 views

CVE-2020-37076

8.8CVSS5.8AI score0.0013EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/01/09 11:10 a.m.•7 views

CVE-2016-10945

The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF...

8.8CVSS7.1AI score0.00202EPSS

Exploits1References1

CVE•added 2026/01/05 4:32 a.m.•11 views

CVE-2025-15457

CVE-2025-15457 affects bg5sbk MiniCMS up to version 1.8. The vulnerability resides in the Trash File Restore Handler in the unknown function within the file "/minicms/mc-admin/post.php" and causes improper authentication. It can be exploited remotely and a public exploit exists; the vendor was co...

9.8CVSS7.1AI score0.00241EPSS

Exploits1References4Affected Software1