CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.2AI score0.79718EPSS

Exploits2

Nuclei•added 17 hours ago•62 views

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

6.1CVSS6.3AI score0.1207EPSS

Exploits2References5

Nuclei•added 17 hours ago•26 views

Zaver - Local File Inclusion

Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. id: CVE-2022-38794 info: name: Zaver - Local File Inclusion author: pikpikcu severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. impact: |...

7.5CVSS7.2AI score0.49013EPSS

Exploits1References5

Nuclei•added yesterday•44 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS7.2AI score0.73129EPSS

Exploits1References2

Nuclei•added 6 days ago•51 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7.4AI score0.8523EPSS

Exploits5References5

Positive Technologies•added 2026/02/25 12:0 a.m.•4 views

PT-2026-21827

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue...

7CVSS5.4AI score0.00132EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 10:16 a.m.•5 views

CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

5.5CVSS6.1AI score0.87254EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:15 a.m.•5 views

CVE-2019-2937

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

8.1CVSS6.7AI score0.01133EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•6 views

CVE-2023-4227

A vulnerability has been identified in the ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...

6.5CVSS7AI score0.00202EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:52 a.m.•4 views

CVE-2021-2118

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

8.2CVSS7.3AI score0.01691EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:51 a.m.•4 views

CVE-2021-2236

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Advanced Global Intercompany. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.1CVSS6.9AI score0.01221EPSS

Exploits0References1

Tenable Nessus•added 2025/11/07 12:0 a.m.•1 views

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2025:3965-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3965-1 advisory. - CVE-2025-53057: Fixed an issue where an unauthenticated attacker can achieve unauthorized creation, deletion or...

7.5CVSS7.4AI score0.00068EPSS

Exploits0References11