51 matches found
CVE-2026-32907
Rejected reason: This CVE ID has been rejected...
PT-2026-27239
OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...
GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...
EUVD-2026-13027
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
CVE-2026-26886
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manageservice.php...
CVE-2026-26886
CVE-2026-26886 affects Sourcecodester Online Men’s Salon Management System v1.0. The vulnerability is a SQL Injection in the admin path /admin/services/manage_service.php, caused by unsanitized input that allows injection into SQL queries. Multiple sources (Red Hat, NVD, CVE list, Attackerkb, CVE...
PT-2026-22754
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage service.php...
CVE-2025-50188
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...
EUVD-2021-8212
Malicious code in bioql PyPI...
CVE-2025-29660
The CVE-2025-29660 vulnerability affects Yi IOT XY-3820, firmware v6.0.24.10, in the daemon that listens on TCP port 6789. The issue stems from improper input validation, allowing directory traversal via crafted TCP requests, which permits remote unauthenticated execution of arbitrary scripts on ...
CVE-2023-2409
A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/viewservice.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. T...
PT-2022-27321 · Unknown · Automotive Shop Management System
Name of the Vulnerable Software and Affected Versions: Automotive Shop Management System version 1.0. Description: The Automotive Shop Management System contains a SQL injection issue via the id parameter at the "/services/view service.php" API endpoint. This allows for potential exploitation...
CVE-2022-26588
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...
PHP Scripts Mall Professional Service Script Information Disclosure Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. An information disclosure vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit the vulnerability by sending PATHINFO via a speciall...
PHP Scripts Mall Professional Service Script Cross-Site Request Forgery Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site request forgery vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability to conduct cross-site request...
PHP Scripts Mall Professional Service Script Cross-Site Scripting Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site scripting vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability via the view parameter in...
PHP Scripts Mall Professional Service Script Predictable Registration URL Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A predictable registration URL vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker could exploit this vulnerability to register with an invali...
PHP Scripts Mall Professional Service Script SQL Injection Vulnerability (CNVD-2018-00489)
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A SQL injection vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability by using the id parameter in admin/review.p...
PHP Scripts Mall Professional Service Script Cross-Site Scripting Vulnerability (CNVD-2018-00494)
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site scripting vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability via the admin/generalsettingupd.php...