CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/25 3:0 a.m.•5 views

CVE-2026-9420

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

7.5CVSS5.6AI score0.00045EPSS

Exploits0References7

CNNVD•added 2026/05/25 12:0 a.m.•5 views

KLiK SocialMediaWebsite 安全漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates from the HTTP GET Request Parameter Handler component and could lead to injection...

7.5CVSS6.6AI score0.00045EPSS

Exploits0References7

Positive Technologies•added 2026/05/25 12:0 a.m.•12 views

PT-2026-42998

7.5CVSS6.3AI score0.00045EPSS

Exploits0References6

RedhatCVE•added 2026/05/20 7:57 p.m.•4 views

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

9.8CVSS6.1AI score0.00592EPSS

NVD•added 2026/05/17 7:16 a.m.•10 views

CVE-2026-8736

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS0.00009EPSS

CVE•added 2026/05/17 6:15 a.m.•7 views

CVE-2026-8736

Technical details about CVE-2026-8736 are not publicly available in the provided documents. Monitor for updates.

EUVD•added 2026/05/17 6:15 a.m.•6 views

EUVD-2026-30685

Vulnrichment•added 2026/05/17 6:15 a.m.•5 views

CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

Positive Technologies•added 2026/05/17 12:0 a.m.•5 views

PT-2026-41521

ATTACKERKB•added 2026/05/07 9:8 p.m.•3 views

Exploits0References5

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

6.1CVSS5.9AI score0.00033EPSS

Exploits0References5

EUVD•added 2026/05/05 9:31 p.m.•5 views

EUVD-2026-27426

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

6AI score0.00038EPSS

Exploits1References3

NVD•added 2026/04/29 9:16 a.m.•2 views

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS0.00059EPSS

Cvelist•added 2026/04/29 8:22 a.m.•25 views

CVE-2026-42515 Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS0.00059EPSS

CNNVD•added 2026/04/29 12:0 a.m.•3 views

DNStwist MCP Server 命令注入漏洞

DNStwist MCP Server is a domain name security detection tool developed by Burt personally. Versions of DNStwist MCP Server 1.0.4 and earlier contained a command injection vulnerability. This vulnerability stemmed from the fuzzdomain function in the src/index.ts file, where the Request operation o...

7.5CVSS7.1AI score0.01715EPSS

Cvelist•added 2026/04/17 1:15 p.m.•30 views

CVE-2026-6490 QueryMine sms GET Request Parameter deletecourse.php sql injection

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...

7.5CVSS0.00013EPSS

CNNVD•added 2026/04/15 12:0 a.m.•4 views

Cisco Unity Connection 安全漏洞

Cisco Unity Connection UC is a voice messaging platform developed by the American company Cisco. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection UC, which stems from improper validation of HTTP...

4.7CVSS5.8AI score0.00028EPSS

NVD•added 2026/04/13 7:16 p.m.•3 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS0.00037EPSS

Exploits1References2

CNNVD•added 2026/03/31 12:0 a.m.•3 views

WordPress plugin Query Monitor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.6AI score0.00041EPSS