CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-1561

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00927EPSS

Exploits1References5

Veracode•added 2024/05/07 7:18 p.m.•11 views

Cross-site Scripting (XSS)

tribalsystems/zenario is vulnerable to Cross-site Scripting XSS via the Tree Explorer tool. An attacker can inject malicious scripts that can be executed in the context of the user's browser by crafting malicious input...

6.5CVSS5.9AI score0.00051EPSS

Exploits0References3Affected Software1

Veracode•added 2022/03/22 7:37 a.m.•14 views

SQL Injection

tribalsystems/zenario is vulnerable to SQL injection. The vulnerability exists due to a lack of sanitization of the ID input field of ajax.php in the Pugin library - delete module...

9.1CVSS2.8AI score0.00927EPSS

Exploits1References3Affected Software1

OSV•added 2022/03/18 5:49 p.m.•16 views

GHSA-W4F3-7F7C-X652 SQL Injection in tribalsystems/zenario

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module...

9.1CVSS9.6AI score0.00927EPSS

Exploits1References5

Github Security Blog•added 2022/03/18 5:49 p.m.•21 views

SQL Injection in tribalsystems/zenario

9.1CVSS6.3AI score0.00927EPSS

Exploits1References6Affected Software1

GithubExploit•added 2021/09/30 2:44 a.m.•97 views

Exploit for Unrestricted Upload of File with Dangerous Type in Tribalsystems Zenario

CVE-2021-42171 File upload to Remote Code Execution on Zen...

7.2CVSS7.4AI score0.17813EPSS

Exploits5

NVD•added 2021/04/16 6:15 p.m.•11 views

CVE-2021-26830

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module...

9.1CVSS0.00927EPSS

Exploits1References1

OSV•added 2021/04/16 6:15 p.m.•2 views

CVE-2021-26830

9.1CVSS8.5AI score

Exploits0References1

CVE•added 2021/04/16 5:24 p.m.•105 views

CVE-2021-26830

The CVE-2021-26830 issue affects Tribalsystems Zenario CMS 8.8.52729, where a SQL Injection vulnerability exists in the Pugin library - delete path, via the ID input in ajax.php. The root cause is lack of input sanitization on the ID parameter, allowing remote attackers to access the database or ...

9.1CVSS9.5AI score0.00927EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/04/16 5:24 p.m.•15 views

CVE-2021-26830

9.9AI score0.00927EPSS

Exploits1References1

Veracode•added 2018/10/22 9:32 a.m.•15 views

Cross-Site Request Forgery (CSRF)

tribalsystems/zenario is vulnerable to cross-site request forgery CSRF. The application does not verify the authenticity of a request to admin/organizer.ajax.php?path=zenariocontent%2Fpanels%2Fcontent, which allows an attacker to submit a request on behalf of the victim when the victim visits a...

8.8CVSS8.4AI score0.00127EPSS

Exploits2References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by