CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

RedhatCVE•added 2026/01/09 12:36 p.m.•5 views

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...

5.4CVSS6.1AI score0.00298EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:53 a.m.•10 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.8CVSS7.4AI score0.01688EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-8406

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00249EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-23245

Malicious code in bioql PyPI...

8.6CVSS7AI score0.0054EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-23241

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00182EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-36977

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01688EPSS

Exploits0References2

RedhatCVE•added 2025/08/02 8:23 p.m.•4 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

6.5CVSS6.4AI score0.00346EPSS

Exploits0References1

RedhatCVE•added 2025/08/02 8:23 p.m.•5 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

8CVSS6.6AI score0.00203EPSS

Exploits0References1

RedhatCVE•added 2025/08/02 8:23 p.m.•9 views

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...

8CVSS6.5AI score0.00224EPSS

Exploits0References1

NVD•added 2025/07/31 8:15 a.m.•4 views

CVE-2025-54752

8CVSS0.00224EPSS

Exploits0References2

NVD•added 2025/07/31 8:15 a.m.•5 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

6.1CVSS0.00182EPSS

Exploits0References2

Cvelist•added 2025/07/31 7:25 a.m.•7 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

6.1CVSS0.00182EPSS

Exploits0References2

CVE•added 2025/07/31 7:25 a.m.•19 views

CVE-2025-36563

CVE-2025-36563 is a reflected cross-site scripting vulnerability affecting PowerCMS in multiple versions. Exploitation requires a user (administrator or general user per vector) to access a crafted URL, allowing arbitrary script execution in the browser. CVSS metrics specify MEDIUM severity (olde...

6.1CVSS6AI score0.00182EPSS

Exploits0References2Affected Software1

CVE•added 2025/07/31 7:25 a.m.•14 views

CVE-2025-41391

CVE-2025-41391 is a stored cross-site scripting vulnerability in PowerCMS. The issue allows an arbitrary script to execute in a browser when a product user accesses a malicious page. Connected sources confirm PowerCMS (Alfasado Inc.) as affected and describe multiple PowerCMS pages/versions as im...

5.4CVSS5.9AI score0.00167EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/07/31 7:25 a.m.•7 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

5.4CVSS0.00167EPSS

Exploits0References2

Vulnrichment•added 2025/07/31 7:25 a.m.•4 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

5.4CVSS5.8AI score0.00167EPSS

Exploits0References2

Vulnrichment•added 2025/07/31 7:22 a.m.•3 views

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file...

8.6CVSS7.9AI score0.0054EPSS

Exploits0References2

CVE•added 2025/07/31 7:22 a.m.•19 views

CVE-2025-46359

CVE-2025-46359 : A path traversal flaw in the backup/restore feature of multiple PowerCMS versions allows an administrator to execute arbitrary code by restoring a crafted backup file. The vulnerability affects the backup/restore component (no version numbers specified in sources). Remediation is...

8.6CVSS7.4AI score0.0054EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/07/31 7:21 a.m.•9 views

CVE-2025-54752

6.5CVSS0.00224EPSS

Exploits0References2

Vulnrichment•added 2025/07/31 7:21 a.m.•5 views

CVE-2025-54752

6.5CVSS7.3AI score0.00224EPSS

Exploits0References2

Rows per page