CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

252 matches found

Nuclei•added 2026/02/04 7:0 a.m.•80 views

UNA CMS <= 14.0.0-RC4 - PHP Object Injection

The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...

7.2AI score

Exploits1References2

RedhatCVE•added 2026/01/09 11:53 a.m.•6 views

CVE-2009-4983

Multiple cross-site scripting XSS vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to 1 category.php and 2 wcategory.php, and the 3 keywords parameter to search.php...

4.3CVSS6AI score0.00179EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:52 a.m.•7 views

CVE-2009-4222

phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request...

7.5CVSS7.2AI score0.01387EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:19 a.m.•7 views

CVE-2019-18923

Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin...

6.1CVSS7AI score0.00447EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:51 a.m.•5 views

CVE-2013-6280

Cross-site scripting XSS vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00174EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:43 a.m.•4 views

CVE-1999-0467

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter...

5CVSS7.1AI score0.03913EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:13 a.m.•12 views

CVE-2024-2259

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerabl...

6.4CVSS6.1AI score0.00733EPSS

Exploits0References1