CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 days ago•16 views

CVE-2026-54219 Stored XSS in UBB.threads

5.1CVSS0.00293EPSS

CVE•added 5 days ago•12 views

CVE-2026-54219

UBB.threads is vulnerable to a Stored XSS flaw via user posts and profile fields due to insufficient input sanitization. In the confirmed case, version 7.7.5 is affected, and low-privilege attackers can inject JavaScript that executes in a victim’s browser when viewing content. Other versions may...

5.1CVSS5.3AI score0.00293EPSS

EUVD•added 5 days ago•8 views

EUVD-2026-37882

5.1CVSS5.3AI score0.00293EPSS

RedhatCVE•added 2026/06/05 7:49 p.m.•6 views

CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

2.7CVSS5.5AI score0.00258EPSS

Exploits0References1

CVE•added 2026/05/17 12:11 p.m.•14 views

CVE-2018-25330

Joomla! EkRishta 2.10 is affected by persistent XSS and SQL injection as described in CVE-2018-25330. The vulnerabilities enable attackers to inject script payloads into profile information (e.g., Address) and SQL payloads via the phone_no parameter to user_setting, allowing script execution when...

Vulnrichment•added 2026/05/17 12:11 p.m.•7 views

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

ATTACKERKB•added 2026/05/17 12:11 p.m.•4 views

CVE-2018-25330

Exploits0References4Affected Software1

EUVD•added 2026/05/17 12:11 p.m.•9 views

EUVD-2018-21850

CNNVD•added 2026/05/17 12:0 a.m.•7 views

Joomla! extension EkRishta SQL注入漏洞

The Joomla! extension EkRishta is an open-source community extension designed to provide Joomla websites with functions for matchmaking and marriage-related services. Version 2.10 of the Joomla! extension EkRishta contains a SQL injection vulnerability. This vulnerability stems from persistent...

Positive Technologies•added 2026/05/17 12:0 a.m.•10 views

Exploits0References1

PT-2026-41556

NVD•added 2026/05/16 4:16 p.m.•13 views

Exploits0References5

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

6.9CVSS0.00232EPSS

CVE•added 2026/05/16 3:26 p.m.•12 views

CVE-2021-47934

MyBB Timeline Plugin 1.0 is affected by cross-site scripting (XSS) in thread titles, post content, and user profile fields (Location, Bio). A cross-site request forgery (CSRF) in the timeline.php profile action can be exploited to change a user’s cover picture via malicious forms that execute whe...

6.9CVSS5.7AI score0.00232EPSS

Vulnrichment•added 2026/05/16 3:26 p.m.•9 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

6.9CVSS5.7AI score0.00232EPSS

ATTACKERKB•added 2026/05/16 3:26 p.m.•6 views

CVE-2021-47934

6.9CVSS5.7AI score0.00232EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/16 3:26 p.m.•37 views

CVE-2021-47934 MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF

6.9CVSS0.00232EPSS

Positive Technologies•added 2026/05/16 12:0 a.m.•10 views

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

6.9CVSS5.8AI score0.00232EPSS

Exploits0References5

CNNVD•added 2026/05/16 12:0 a.m.•9 views

MyBB Timeline Plugin 跨站脚本漏洞

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

6.9CVSS5.6AI score0.00232EPSS

Exploits0References1

EUVD•added 2026/05/15 9:31 p.m.•5 views

EUVD-2025-209885

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

5.8AI score0.00343EPSS

Vulnrichment•added 2026/05/15 6:36 p.m.•11 views

CVE-2021-47962 Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

6.4CVSS5.7AI score0.00243EPSS