15 matches found

RedhatCVE
added 2026/03/04 1:56 a.m. · 3 views

CVE-2025-52998

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...

CVSS 9.8 · AI score 6 · EPSS 0.00231
Exploits 0 · References 1

Cvelist
added 2026/03/02 3:54 p.m. · 17 views

CVE-2025-52998 Chamilo: PHAR deserialization bypass

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...

CVSS 7 · EPSS 0.00231
Exploits 0 · References 3

CVE
added 2025/12/17 9:16 p.m. · 8 views

CVE-2025-67875

CVE-2025-67875 affects ChurchCRM prior to version 6.5.3. An authenticated user with mid-level permissions (Edit Records; Manage Properties and Classifications) can combine an IDOR with Broken Access Control to inject a persistent stored XSS payload into an administrator’s profile. The XSS execute...

CVSS 8.5 · AI score 5.7 · EPSS 0.00025
Exploits 3 · References 1 · Affected Software 1

CVE
added 2025/11/11 12:14 a.m. · 9 views

CVE-2025-42884

CVE-2025-42884 affects SAP NetWeaver Enterprise Portal. The issue allows an unauthenticated attacker to inject JNDI environment properties or pass a URL during JNDI lookup, enabling access to an unintended JNDI provider and potentially leading to disclosure or modification of server information (...

CVSS 6.5 · AI score 6.1 · EPSS 0.00142
Exploits 0 · References 2

CVE
added 2023/07/01 4:26 a.m. · 32 views

CVE-2021-4388

The CVE-2021-4388 entry concerns the Opal Estate plugin for WordPress, vulnerable up to version 1.6.11 due to missing capability checks in opalestate_set_feature_property() and opalestate_remove_feature_property(). This flaw allows unauthenticated attackers to set or remove featured properties. T...

CVSS 5.3 · AI score 5.2 · EPSS 0.00194
Exploits 1 · References 3 · Affected Software 1

RedhatCVE
added 2023/05/05 5:21 p.m. · 32 views

CVE-2023-0842

A flaw was found in node-xml2js. This flaw allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, making it possible to edit the __proto__ property...

CVSS 5.3 · AI score 5.6 · EPSS 0.00291
Exploits 1 · References 4

Cvelist
added 2023/04/05 12:0 a.m. · 9 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited...

AI score 5.4 · EPSS 0.00291
Exploits 1 · References 4

NVD
added 2022/11/03 8:15 p.m. · 13 views

CVE-2022-41714

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...

CVSS 5.3 · EPSS 0.00329
Exploits 1 · References 2

Positive Technologies
added 2021/10/20 12:0 a.m. · 2 views

PT-2021-15534 · X-Assign · X-Assign

Name of the Vulnerable Software and Affected Versions: x-assign versions all Description: The issue affects the global __proto__ object, which can be polluted using the __proto__ object. This allows for potential manipulation of the object's properties. Recommendations: For all versions, consider...

CVSS 9.8 · AI score 9.4 · EPSS 0.00556
Exploits 1 · References 6

CVE
added 2021/08/08 7:30 a.m. · 72 views

CVE-2021-23419

Open-Graph (node-open-graph) prior to 0.2.6 is vulnerable to prototype pollution via the parse function, which can be tricked into adding or modifying properties on Object.prototype using a __proto__ or constructor payload. This can lead to unintended behavior or security issues. Remediation: upgrade...

CVSS 9.8 · AI score 7.2 · EPSS 0.00432
Exploits 1 · References 2 · Affected Software 1

RedhatCVE
added 2021/01/04 3:0 p.m. · 15 views

CVE-2020-28282

A flaw was found in nodejs-getobject. The set function does not check for the type of object before assigning value to the property allowing an attacker to create a non-existent property or allow the manipulation of the property which could lead to a denial of service or a remote code execution...

CVSS 9.8 · AI score 3.7 · EPSS 0.01979
Exploits 1 · References 5

Cvelist
added 2019/10/03 1:31 p.m. · 24 views

CVE-2019-3834

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 JON. This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3...

CVSS 5.6 · AI score 8.2 · EPSS 0.0033
Exploits 0 · References 1

wpexploit
added 2019/09/27 12:0 a.m. · 25 views

Zoner < 4.2 - Persistent XSS & IDOR

----- Persistent XSS: ----- 'Address' input field on the 'Local information' block is vulnerable so you can use your payload to steal admin cookies or do some redirects etc. ----- IDOR: ----- POST request https://zoner.fruitfulcode.com/wp-admin/admin-ajax.php?action=deletepropertyactid=XXX=YYY...

AI score 7.3
Exploits 0 · References 2

Veracode
added 2018/04/16 2:40 a.m. · 17 views

Prototype Pollution

merge-recursive is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...

CVSS 9.8 · AI score 9.1 · EPSS 0.00315
Exploits 1 · References 2 · Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m. · 10 views

Group Documents 1.2.1 - Document Property Manipulation CSRF

The BP Group Documents WordPress plugin was affected by a Document Property Manipulation CSRF security vulnerability...

AI score 1.7
Exploits 0 · References 1 · Affected Software 1