CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1061 matches found

FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution

Custom css-js-php WordPress plugin through 2.0.7 contains a command injection caused by unsanitized user input used in SQL query and passed to eval, letting unauthenticated attackers execute arbitrary PHP code on the server. id: CVE-2026-6433 info: name: FlipperCode Custom CSS, JS & PHP = 2.0.7 -...

7.3CVSS6.2AI score0.00753EPSS

Exploits1References4

Nuclei•added yesterday•50 views

TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

9.8CVSS6.3AI score0.40874EPSS

Exploits1References1

Nuclei•added yesterday•29 views

Traggo Server - Local File Inclusion

traggo/server version 0.3.0 is vulnerable to directory traversal. id: CVE-2023-34843 info: name: Traggo Server - Local File Inclusion author: DhiyaneshDk severity: high description: | traggo/server version 0.3.0 is vulnerable to directory traversal. impact: | Successful exploitation of this...

7.5CVSS7.1AI score0.06413EPSS

Exploits1References5

Nuclei•added yesterday•32 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.4AI score0.03409EPSS

Exploits1References2

Nuclei•added yesterday•14 views

ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

9.8CVSS8.1AI score0.06589EPSS

Exploits1References2

NVD•added 3 days ago•5 views

CVE-2026-35300

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise WebLogic...

9.8CVSS0.00552EPSS

Exploits0References1

Nuclei•added 4 days ago•57 views

LimeSurvey 4.1.11 - Local File Inclusion

LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. id: CVE-2020-11455 info: name: LimeSurvey 4.1.11 - Local File Inclusion author: daffainfo severity: critical...

9.8CVSS8.3AI score0.96986EPSS

Exploits6References5

RedhatCVE•added 2026/06/11 2:59 p.m.•9 views

CVE-2026-52754

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

8.8CVSS5.5AI score0.00252EPSS

Exploits0References1

NVD•added 2026/06/10 2:16 p.m.•8 views

CVE-2026-52754

8.8CVSS0.00252EPSS

Exploits0References4

EUVD•added 2026/06/10 12:40 p.m.•7 views

EUVD-2026-36013

8.8CVSS5.5AI score0.00252EPSS

Exploits0References4

RedhatCVE•added 2026/06/10 2:59 a.m.•6 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8CVSS6.5AI score0.00998EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•6 views

PT-2026-48414

8.8CVSS5.5AI score0.00252EPSS

Exploits0References5

RedhatCVE•added 2026/06/07 12:43 a.m.•10 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00437EPSS

Exploits0References1

NVD•added 2026/06/05 8:17 p.m.•12 views

CVE-2026-11414

10CVSS0.00437EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:26 p.m.•7 views

CVE-2026-39311

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...

6.8CVSS6.3AI score0.00288EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:20 p.m.•8 views

CVE-2026-41553

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

10CVSS5.8AI score0.00648EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:20 p.m.•8 views

CVE-2026-41265

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

9.8CVSS7.8AI score0.00464EPSS

Exploits1References1