156 matches found
Incorrect Authorization
Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization due to an inverted authorization check in the twofactorauthentication.php process. An attacker can remove...
blueprintUE self-hosted edition Security Vulnerability
The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the password change form located at...
CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
Adianti Framework 5.5.0 and 5.6.0 contain an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...
PT-2026-32177
Adianti Framework 5.5.0 and 5.6.0 contain an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...
CVE-2025-69241
Raytha CMS is affected by CVE-2025-69241, a Stored XSS in the profile editing flow via FirstName/LastName. An authenticated attacker can inject HTML/JS that executes when the edited page is viewed. The issue has been fixed in version 1.4.6. The CVSSv4 metrics indicate a Medium impact (base score ...
CVE-2026-1953
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...
CVE-2026-1953
Nukegraphic CMS v3.1.2 is affected by a stored XSS in the user profile edit endpoint (/ngc-cms/user-edit-profile.php). The vulnerability arises because the name field is not properly sanitized before storing to the database and rendering on multiple pages. An authenticated attacker with low privi...
CVE-2026-1953 Stored Cross Site Scripting (XSS) in Nukegraphic CMS V3.1.2
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...
EUVD-2026-5547
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...
PT-2026-6078
Name of the Vulnerable Software and Affected Versions: Nukegraphic CMS version 3.1.2. Description: Nukegraphic CMS version 3.1.2 has a stored cross-site scripting (XSS) issue in the user profile edit functionality located at the /ngc-cms/user-edit-profile.php API endpoint. The application does not...
CVE-2025-67645
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters pubpid / pid to reference another user’s recor...
OpenEMR Access Control Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Prior to OpenEMR 7.0.4, there was an access control...
CVE-2025-67645
OpenEMR (versions prior to 7.0.4) is affected by a broken access control vulnerability in the Profile Edit endpoint. An authenticated normal user can modify request parameters (pubpid/pid) to reference another user’s record, causing changes to another user’s profile data (e.g., name, contact info...
CVE-2025-67645 OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters pubpid / pid to reference another user’s recor...