10 matches found
EUVD-2026-36784
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
Parse Server SQL Injection Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...
CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
MiracleLinux 8 : kernel-4.18.0-553.37.1.el8_10 (AXSA:2025-9659:11)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9659:11 advisory. kernel: scsi: core: Fix unremoved procfs host directory regression CVE-2024-26935 kernel: arm64/sve: Discard stale CPU state when handling SVE traps...
EUVD-2025-203288
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalogadd.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
CVE-2025-14648
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalogadd.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
CVE-2025-14648
CVE-2025-14648 affects DedeBIZ up to 6.5.9. The vulnerability is in the file /src/admin/catalog_add.php, where manipulation leads to a remote command injection. Several sources confirm the attack can be launched remotely and that the exploit has been disclosed publicly. The Red Hat and EU ENISA ...
DedeBIZ Command Injection Vulnerability
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A command injection vulnerability exists in DedeBIZ 6.5.9 and earlier versions, which stems from incorrect manipulation of the file /src/admin/catalogadd.php, which could lead to a command injection attack...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.5.9 and earlier versions, which stems from a NULL pointer dereference...
CVE-2022-36594
creationtimestamp | type | source
---|---|---
2022-09-02 07:38:47+00:00 | seen | https://t.me/cibsecurity/49222...