48 matches found
EUVD-2018-7886
Malware in sbrugna...
EUVD-2020-16316
Malware in sbrugna...
EUVD-2009-3474
Malware in sbrugna...
EUVD-2014-2157
Malware in sbrugna...
EUVD-2020-20635
Malware in sbrugna...
GO-2025-3771 Mattermost allows an unauthorized Guest user access to Playbook in github.com/mattermost/mattermost-server
Mattermost allows an unauthorized Guest user access to Playbook in github.com/mattermost/mattermost-server...
CVE-2025-7829 code-projects Church Donation System login.php sql injection
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The...
CVE-2024-54172
creationtimestamp | type | source
---|---|---
2025-06-18 16:43:37+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/18787
2025-06-18 19:49:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrvrpuczpr2a...
AWS VDP: Non-Production API Endpoints for the Route 53 Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The non-production API endpoints for the Route 53 service failed to log to CloudTrail, resulting in silent permission enumeration. Two non-production endpoints were found that could be used with standard IAM credentials without logging to CloudTrail. This allowed an adversary to perform permissio...
CVE-2025-22936
The CVE-2025-22936 entry affects Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router models SAM-4G1G-TT-W-VC and SAM-4F1F-TT-W-A1. The issue is a weak default WiFi password generation algorithm that could allow a remote attacker to obtain sensitive information. Per available documentation, CVSS ...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vuln...
CVE-2024-27212
CVE-2024-27212 describes an out-of-bounds write in the init_data path (component listed as TBD) due to a missing bounds check. This leads to local privilege escalation with no additional privileges or user interaction required, as stated across multiple sources (NVD/Red Hat/OSV and Pixel bulletin...
CVE-2023-43770
creationtimestamp | type | source
---|---|---
2023-09-28 11:42:17+00:00 | published-proof-of-concept | https://t.me/CNArsenal/1202
2023-09-28 13:52:57+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/5238
2023-09-28 15:18:12+00:00 | published-proof-of-concept | https://t.me/proxybar/1739...
CVE-2023-21230
CVE-2023-21230 affects Google Wear OS / Android framework. A precondition check failure in the onAccessPointChanged method of AccessPointPreference.java could allow unprivileged apps to receive broadcasts about WiFi access point changes (including BSSID/SSID), enabling local information disclosur...
USN-6253-1: libvirt vulnerability
It was discovered that libvirt incorrectly handled locking when processing certain requests. A local attacker could possibly use this issue to cause libvirt to stop responding or crash, resulting in a denial of service...
CVE-2023-32639
CVE-2023-32639 affects the Ministry of Justice’s Applicant Programme, specifically versions 7.06 and earlier. The root cause is improper restriction of XML External Entity (XXE) references, allowing processing of a crafted XML file to read arbitrary files on the system. Impact is high confident...
CVE-2023-1780
CVE-2023-1780 affects the Companion Sitemap Generator WordPress plugin (versions before 4.5.3). It stems from not sanitising/escaping certain parameters before echoing them in pages, causing a Reflected Cross‑Site Scripting (XSS) vulnerability that could affect high‑privilege users (e.g., adm...
FormCraft <= 1.2.6 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4007
GitLab CE/EE: A cross-site scripting (XSS) vulnerability in the title field of work items affects all versions from 15.3 up to, but not including, 15.7.8; 15.8 up to, but not including, 15.8.4; and 15.9 up to, but not including, 15.9.2. The issue allows attackers to perform arbitrary actions on b...
IBM Spectrum Protect Plus Container Backup and Restore Privilege Escalation Vulnerability
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM Corporation in the United States. The platform provides enterprises with a single point of control and management, and supports backup and recovery for virtual, physical and cloud environments of all sizes. IBM Spectrum...