CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.2AI score0.1449EPSS

Exploits2

Nuclei•added yesterday•65 views

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

6.1CVSS6.3AI score0.01193EPSS

Exploits2References5

Nuclei•added yesterday•30 views

Zaver - Local File Inclusion

Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. id: CVE-2022-38794 info: name: Zaver - Local File Inclusion author: pikpikcu severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. impact: |...

7.5CVSS7.2AI score0.03397EPSS

Exploits1References5

Nuclei•added yesterday•55 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7.4AI score0.82976EPSS

Exploits5References5

Nuclei•added yesterday•46 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS7.2AI score0.04715EPSS

Exploits1References2

Positive Technologies•added 2026/02/25 12:0 a.m.•6 views

PT-2026-21827

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue...

7CVSS5.4AI score0.00264EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 10:16 a.m.•6 views

CVE-2019-2618

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

5.5CVSS6.1AI score0.33405EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 10:15 a.m.•9 views

CVE-2019-2937

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

8.1CVSS6.7AI score0.01573EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•9 views

CVE-2023-4227

A vulnerability has been identified in the ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of...

6.5CVSS7AI score0.00304EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:52 a.m.•6 views

CVE-2021-2118

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

8.2CVSS7.3AI score0.01169EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:51 a.m.•6 views

CVE-2021-2236

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Advanced Global Intercompany. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.1CVSS6.9AI score0.00931EPSS

Exploits0References1

Tenable Nessus•added 2025/11/07 12:0 a.m.•3 views

SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2025:3965-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3965-1 advisory. - CVE-2025-53057: Fixed an issue where an unauthenticated attacker can achieve unauthorized creation, deletion or...

7.5CVSS6.8AI score0.00633EPSS

Exploits0References11