CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

163 matches found

EUVD-2026-33875

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS4.1AI score0.00043EPSS

Exploits0References9

Positive Technologies•added 2 days ago•10 views

PT-2026-45685

5.1CVSS4.1AI score0.00043EPSS

Exploits0References10

Cvelist•added 4 days ago•21 views

CVE-2026-10185 SourceCodester Hospitals Patient Records Management System Users.php save sql injection

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS0.00033EPSS

Exploits0References6

CVE•added 4 days ago•8 views

CVE-2026-10185

SourceCodester Hospitals Patient Records Management System 1.0 contains a SQL injection in /classes/Users.php?f=save. The vulnerability arises from manipulating the ID argument, enabling remote exploitation. Public exploits are available. Exploit maturity is PROOF-OF-CONCEPT; CVSS metrics indicat...

7.5CVSS6.9AI score0.00033EPSS

Exploits0References6

ATTACKERKB•added 4 days ago•7 views

CVE-2026-10185

7.5CVSS6.9AI score0.00033EPSS

Exploits0References6Affected Software1

NVD•added 2026/04/10 2:16 a.m.•1 views

CVE-2026-1263

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS0.00015EPSS

Exploits0References6

Snyk•added 2026/03/25 9:56 p.m.•2 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the save function. An attacker can extract sensitive information from the database and insert arbitrary data by submitting crafted input to the...

7.1CVSS6.1AI score0.00029EPSS

Exploits1References2

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2026-12331

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS5.3AI score0.0005EPSS

Exploits0References5

Cvelist•added 2026/03/16 4:32 a.m.•25 views

CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

6.5CVSS0.0005EPSS

Exploits0References4

CNNVD•added 2026/03/16 12:0 a.m.•2 views

flow-core-x 代码问题漏洞

flow-core-x is a simple and powerful continuous integration and deployment server open source from flow.ci. Versions of flow-core-x 1.23.01 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the Save function in the ConfigServiceImpl.java file within the SMTP Host...

6.5CVSS6.7AI score0.0005EPSS

Exploits0References4

EUVD•added 2026/03/08 9:30 a.m.•1 views

EUVD-2026-10220

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The...

7.2CVSS5.4AI score0.00978EPSS

Exploits1References5

OSV•added 2026/03/08 7:16 a.m.•1 views

CVE-2026-3714

4.7CVSS5.3AI score

Exploits0References4

ATTACKERKB•added 2026/03/08 6:32 a.m.•3 views

CVE-2026-3714

7.2CVSS5.4AI score0.00978EPSS

Exploits1References5

Vulnrichment•added 2026/03/08 6:32 a.m.•1 views

CVE-2026-3714 OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine

5.8CVSS5.4AI score0.00068EPSS

Exploits0References4

Positive Technologies•added 2026/03/04 12:0 a.m.•1 views

PT-2026-22899

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save gutena forms schema function in all versions up to, and including, 1.6.0. This...

6.5CVSS5.8AI score0.00013EPSS

Exploits0References3

RedhatCVE•added 2026/02/24 7:30 a.m.•2 views

CVE-2026-2972

A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...

5.4CVSS2.9AI score0.00011EPSS

Exploits1References1

OSV•added 2026/02/23 6:16 a.m.•1 views

CVE-2026-2972

5.4CVSS3.9AI score

Exploits0References4

NVD•added 2026/02/23 6:16 a.m.•2 views

CVE-2026-2972

5.4CVSS0.00011EPSS

Exploits1References4

CVE•added 2026/02/23 5:2 a.m.•5 views

CVE-2026-2972

A466350665 Smart-SSO up to 2.1.1 contains a cross-site scripting vulnerability in the Save function of smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java (Role Edit Page). The flaw, triggered by manipulation, can be exploited remotely and has publicly dis...

5.4CVSS3.2AI score0.00011EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/02/23 5:2 a.m.•17 views

CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting

4.8CVSS0.00011EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by