57 matches found

NVD
added 2026/05/12 3:16 a.m. | 40 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

CVSS 4.3 | EPSS 0.00255
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/12 2:20 a.m. | 7 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00255
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/28 6:52 p.m. | 5 views

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.4 | AI score 5.8 | EPSS 0.00228
Exploits: 1 | References: 1

NVD
added 2025/10/27 7:16 p.m. | 8 views

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.4 | EPSS 0.00228
Exploits: 1 | References: 1

Cvelist
added 2025/10/27 6:44 p.m. | 8 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Address Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | EPSS 0.00228
Exploits: 1 | References: 1

CVE
added 2025/10/27 6:44 p.m. | 10 views

CVE-2025-32785

Pi-hole Admin Interface (Pi-hole) versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management. An authenticated user can inject JavaScript by placing a payload in Address when creating or editing a list entry. The XSS is trigge...

CVSS 5.4 | AI score 5.4 | EPSS 0.00228
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/27 6:44 p.m. | 3 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Address Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | AI score 5.4 | EPSS 0.00228
Exploits: 1 | References: 1

EUVD
added 2025/10/27 6:44 p.m. | 3 views

EUVD-2025-36328

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | AI score 5.3 | EPSS 0.00228
Exploits: 1 | References: 1

OSV
added 2025/10/27 6:44 p.m. | 4 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Address Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | AI score 5.9 | EPSS 0.00228
Exploits: 1 | References: 3

Positive Technologies
added 2025/10/27 12:0 a.m. | 6 views

PT-2025-44010

Name of the Vulnerable Software and Affected Versions: Pi-hole Admin Interface versions prior to 6.3. Description: The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting (XSS) issue. This...

CVSS 5.1 | AI score 5.7 | EPSS 0.00228
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/22 11:31 p.m. | 4 views

CVE-2022-1576

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVSS 6.5 | AI score 6.5 | EPSS 0.00449
Exploits: 2 | References: 1

Veracode
added 2024/04/30 8:4 a.m. | 15 views

Improper Access Control

Postorius is vulnerable to Improper Access Control. The vulnerability is due to insufficient validation which allows any logged-in user to send a crafted POST request to unsubscribe any user from a mailing list as well as verify if the address was subscribed in the first place...

CVSS 5.4 | AI score 6.9 | EPSS 0.01093
Exploits: 1 | References: 7 | Affected Software: 1

NVD
added 2024/04/30 12:15 a.m. | 8 views

CVE-2023-52726

Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error in the Subscribe function implementation for the subscribed indication stream...

CVSS 6.5 | AI score 6.6 | EPSS 0.00422
Exploits: 1 | References: 1

Cvelist
added 2024/02/28 8:33 a.m. | 27 views

CVE-2023-6922 Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and email...

CVSS 4.3 | AI score 4.7 | EPSS 0.00494
Exploits: 0 | References: 2

WPVulnDB
added 2024/02/27 12:0 a.m. | 9 views

Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure

Description: The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and...

CVSS 6.5 | AI score 6.5 | EPSS 0.00494
Exploits: 0 | References: 1

CNNVD
added 2023/08/15 12:0 a.m. | 4 views

WordPress Plugin User Submitted Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS 7.2 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 4

CNVD
added 2022/09/28 12:0 a.m. | 38 views

Rocket.Chat Input Validation Error Vulnerability

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...

CVSS 4.3 | AI score 4.3 | EPSS 0.00651
Exploits: 1 | References: 1

NVD
added 2022/07/11 1:15 p.m. | 16 views

CVE-2022-1576

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVSS 6.5 | EPSS 0.00449
Exploits: 2 | References: 1

OSV
added 2022/07/11 1:15 p.m. | 3 views

CVE-2022-1576

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVSS 6.5 | AI score 5.8 | EPSS 0.00449
Exploits: 2 | References: 1

ATTACKERKB
added 2022/07/11 1:15 p.m. | 3 views

CVE-2022-1576

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00449
Exploits: 2 | References: 2