CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/01 3:31 p.m.•3 views

EUVD-2026-17885

Multiple stored cross-site scripting XSS vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

5.4CVSS6AI score0.00039EPSS

EUVD•added 2026/04/01 3:31 a.m.•2 views

EUVD-2026-17747

6.5CVSS6.1AI score0.00069EPSS

Exploits0References5

Vulnrichment•added 2026/04/01 12:45 a.m.•0 views

CVE-2026-5248 gougucms User Registration Login.php reg_submit dynamically-determined object attributes

6.5CVSS6.1AI score0.00069EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•3 views

PT-2026-29530

Multiple stored cross-site scripting XSS vulnerabilities in the submit add user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

6AI score0.00039EPSS

Vulnrichment•added 2026/04/01 12:0 a.m.•0 views

CVE-2026-29598

6AI score0.00039EPSS

Cvelist•added 2026/04/01 12:0 a.m.•20 views

CVE-2026-29598

0.00039EPSS

CVE•added 2026/04/01 12:0 a.m.•8 views

CVE-2026-29598

CVE-2026-29598 affects DDSN Interactive Acora CMS v10.7.1, with multiple stored XSS vulnerabilities in the submit_add_user.asp endpoint. The First Name and Last Name fields are injectable, allowing an attacker to have scripts/HTML executed in the context of the victim’s browser. The CVE entry spe...

5.4CVSS6AI score0.00039EPSS

RedhatCVE•added 2026/03/26 3:15 p.m.•2 views

CVE-2026-4542

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...

5.5CVSS5.6AI score0.00081EPSS

RedhatCVE•added 2026/03/26 3:15 p.m.•3 views

CVE-2026-4590

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

3.1CVSS4.9AI score0.0002EPSS

RedhatCVE•added 2026/03/26 3:12 p.m.•2 views

CVE-2026-3943

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS6.7AI score0.00767EPSS

EUVD•added 2026/03/25 12:30 p.m.•2 views

EUVD-2026-15315

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usbkillanchoredurbs is...

5.6AI score0.00018EPSS

Exploits0References6

NVD•added 2026/03/24 12:16 p.m.•2 views

CVE-2019-25642

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...

8.8CVSS0.00121EPSS

ATTACKERKB•added 2026/03/24 11:27 a.m.•1 views

CVE-2019-25642

8.8CVSS6.3AI score0.00121EPSS

CNNVD•added 2026/03/24 12:0 a.m.•3 views

Bootstrapy CMS SQL注入漏洞

Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...

8.8CVSS6.2AI score0.00121EPSS

EUVD•added 2026/03/23 3:30 p.m.•1 views

EUVD-2026-14445

ATTACKERKB•added 2026/03/23 2:24 p.m.•3 views

Exploits0References5

CVE-2026-4590

Exploits0References4Affected Software1

CVE•added 2026/03/23 2:24 p.m.•4 views

CVE-2026-4590

CVE-2026-4590 affects kalcaddle kodbox 1.64. The vulnerable element is the loginSubmit API component, specifically an unknown function in /workspace/source-code/plugins/oauth/controller/bind/index.class.php. Manipulating the argument third enables cross-site request forgery (CSRF). The issue is e...

Vulnrichment•added 2026/03/23 2:24 p.m.•1 views

CVE-2026-4590 kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

CNNVD•added 2026/03/23 12:0 a.m.•3 views

Kalcaddle Kodbox 安全漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the 1.64 version of Kalcaddle Kodbox. This vulnerability stems from incorrect handling of the parameter “third” in the component loginSubmit...

3.1CVSS5.6AI score0.0002EPSS