44 matches found

RedhatCVE
added 2026/01/09 9:34 a.m., 3 views

CVE-2024-41346

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php...

CVSS 6.1 | AI score 6 | EPSS 0.00332
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2001-1501

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00106
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-2048

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00281
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-33254

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00097
Exploits: 1 | References: 5

Vulnrichment
added 2025/07/14 5:14 a.m., 4 views

CVE-2025-7575 Zavy86 WikiDocs submit.php image_delete_ajax path traversal

A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_delete_ajax of the file submit.php. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version...

CVSS 5.8 | AI score 7.2 | EPSS 0.00429
Exploits: 0 | References: 6

CVE
added 2025/07/14 5:14 a.m., 18 views

CVE-2025-7575

CVE-2025-7575 affects Zavy86 WikiDocs up to version 1.0.77. The vulnerability lies in the image_drop_upload_ajax and image_delete_ajax functions in submit.php, enabling path traversal. The issue can be exploited remotely and may impact confidentiality, integrity, and availability as described in ...

CVSS 5.8 | AI score 4.9 | EPSS 0.00429
Exploits: 0 | References: 6

CNNVD
added 2024/11/02 12:00 a.m., 2 views

Code-Projects University Event Management System SQL Injection Vulnerability

Code-Projects University Event Management System is an open source university event management system from Code-Projects. Code-Projects University Event Management System version 1.0 has a SQL injection vulnerability, the vulnerability stems from the parameter...

CVSS 9.8 | AI score 7 | EPSS 0.00097
Exploits: 1 | References: 5

OSV
added 2024/08/29 8:15 p.m., 2 views

CVE-2024-41346

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 2

NVD
added 2024/08/29 8:15 p.m., 12 views

CVE-2024-41346

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php...

CVSS 6.1 | EPSS 0.00332
Exploits: 1 | References: 2

Positive Technologies
added 2022/10/11 12:00 a.m., 2 views

PT-2022-25535 · Interspire · Interspire Email Marketer

Name of the Vulnerable Software and Affected Versions: Interspire Email Marketer versions prior to 6.5.1. Description: The issue allows for arbitrary file upload through a "create survey and submit survey" operation in surveys submit.php. This can lead to a .php file being accessible under the...

CVSS 8.8 | AI score 8.8 | EPSS 0.00422
Exploits: 1 | References: 3

Openbugbounty
added 2018/11/12 3:41 a.m., 11 views

jrtberlin.de XSS vulnerability

Open Bug Bounty ID: OBB-697383. Affected Website: jrtberlin.de. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

Exploits: 0

Prion
added 2018/04/22 3:29 p.m., 11 views

Design/Logic Flaw

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...

CVSS 3.5 | AI score 5.1 | EPSS 0.00206
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/04/22 3:00 p.m., 17 views

CVE-2017-17889

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...

AI score 5.2 | EPSS 0.00206
Exploits: 1 | References: 1

Openbugbounty
added 2017/10/11 4:55 p.m., 7 views

chosensites.com XSS vulnerability

Vulnerable URL: http://www.chosensites.com/submit.php?category=Domain%20Name%20System=%22/%3E%3C/script%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3E Details: Patched: No. Latest check for patch: 09.01.2018. Vulnerability type: XSS. Vulnerability status: Publicly...

AI score 6.3
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 14 views

WordPress SendIt plugin <= 1.5.9 - Blind SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability Google Dork: inurl:wp-content/plugins/sendit/submit.php Date: 2011-08-25 Author: evilsocket evilsocket at gmail dot com Software Link: http://wordpress.org/extend/plugins/sendit/...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 19 views

extreme-fusion <= 4.02 Remote Code Execution Exploit

No description provided by source. ? //Kacper Settings $exploitname = extreme-fusion = 4.02 Remote Code Execution Exploit; $scriptname = eXtreme-fusion 4.02; $scriptsite = http://extreme-fusion.pl/download-cat16; $dork = 'by eXtreme Crew'; ...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 18 views

Netquery 3.1 submit.php portnum Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14373/info Netquery is affected by multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands, disclose sensitive information and carry out cross-site scripting attacks. Netquer...

AI score 7.1
Exploits: 0

NVD
added 2014/02/05 3:10 p.m., 14 views

CVE-2013-1470

Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...

CVSS 4.3 | AI score 5.6 | EPSS 0.004
Exploits: 3 | References: 5

Exploit DB
added 2011/08/25 12:00 a.m., 26 views

WordPress Plugin SendIt 1.5.9 - Blind SQL Injection

Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, $POSTlista parameter is neither validated nor escaped, so you can blind sql inject it using $usercount for the boolean condition checking :...

AI score 7.4
Exploits: 0

exploitpack
added 2011/08/25 12:00 a.m., 13 views

WordPress Plugin SendIt 1.5.9 - Blind SQL Injection

WordPress Plugin SendIt 1.5.9 - Blind SQL Injection Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, $POSTlista parameter is neither validated nor escaped, so you can blind sql inject it using...

AI score 8.6
Exploits: 0