29 matches found
EUVD-2005-4380
Malware in sbrugna...
CVE-2024-5523
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database...
CVE-2023-38826
A Cross-Site Scripting (XSS) vulnerability exists in Follett Learning Solutions Destiny through 20.01U via the handlewpesearchform.do searchString...
PT-2023-26613 · Follett · Follett Destiny
Name of the Vulnerable Software and Affected Versions: Follett Learning Solutions Destiny versions through 20.0 1U. Description: A Cross-Site Scripting (XSS) issue exists, allowing exploitation via the "handlewpesearchform.do" endpoint, specifically through the searchString variable. Recommendations:...
CVE-2023-38769
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...
web-cyradm SQL injection vulnerability
web-cyradm is open-source, web-based software. It has a SQL injection vulnerability that stems from a problem in an unknown section of the file search.php, where manipulation of the searchstring parameter can lead to SQL injection...
PT-2023-9860 · Unknown · Web-Cyradm
Name of the Vulnerable Software and Affected Versions: web-cyradm (affected versions not specified). Description: A problematic issue has been found in web-cyradm, affecting the file search.php. The manipulation of the searchstring argument leads to SQL injection. Recommendations: Apply a patch to f...
CVE-2020-22986
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...
MicroStrategy Web SDK cross-site scripting vulnerability
MicroStrategy Web SDK is a JavaScript library from MicroStrategy, Inc. It interacts with different CARTO APIs to build custom applications on top of deck.gl that utilize vector rendering. MicroStrategy Web SDK version 10.11 and earlier versions contain a cross-site scripting vulnerability that...
Path traversal
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting
The plugin does not escape its searchString parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php?page=dkspeakoutsignatures=search="...
Trend Micro Encryption for Email Gateway emailSearch SearchString SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist...
Trend Micro Email Encryption Gateway SQL Injection Vulnerability (CNVD-2018-04494)
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the search configuration script in Trend...
equ.su XSS vulnerability
Vulnerable URL: http://www.equ.su/shop.php?searchstring=...
autofiat.perm.ru XSS vulnerability
Vulnerable URL: http://autofiat.perm.ru/index.php?searchstring=...