Online Examination System SQL Injection Vulnerability
Projectworlds Online Examination System is an online examination system from Projectworlds India. A SQL injection vulnerability exists in Online Examination System version 1.0, which stems from result.php containing unknown code that causes SQL injection via the parameter id...
CVE-2024-4797
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customername/username leads to cross site scripting. The attack can be initiated...
CVE-2024-3436
CVE-2024-3436 affects SourceCodester Prison Management System 1.0, targeting the Avatar Handler’s /Admin/edit-photo.php. The vulnerability is an unrestricted upload via manipulation of the avatar parameter, allowing remote exploitation. Multiple connected sources confirm the same issue and identi...
CVE-2024-2849
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
Employee Task Management System Security Vulnerability
Employee Task Management System is an employee task management system by Carlo Montero Personal Developer. A security vulnerability exists in Employee Task Management System version 1.0, which originates from unknown code in /manage-admin.php that results in a redirect...
CVE-2024-2557
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed t...
BIT-REDIS-2022-3734
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclos...
BDTASK Hospital AutoManager Cross-Site Request Forgery Vulnerability
BDTASK Hospital AutoManager is a powerful hospital management software from BDTASK Bangladesh. A cross-site request forgery vulnerability exists in BDTASK Hospital AutoManager, which originates from the fact that /investigation/delete/ in the component Investigation Report Handler contains unknow...
CVE-2024-2061
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/editsupplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has be...
CVE-2024-1192
A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been...
Online Railway Reservation System Cross-Site Scripting Vulnerability
Online Railway Reservation System is a web-based application that provides an online platform for railroad or train station passengers or potential passengers to browse their schedules and book seats. A cross-site scripting vulnerability exists in Online Railway Reservation System version 1.0,...
File Sharing Wizard security vulnerability
File Sharing Wizard is a file sharing and transfer software package. A security vulnerability exists in File Sharing Wizard version 1.5.0, which results in a denial of service due to unknown code in the component GET Request Handler...
CVE-2024-0184
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/editteacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting...
Cross site scripting
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/editteacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. A security vulnerability exists in Thecosy IceCMS version 2.0.1, which stems from the presence of unknown code in the application that can be exploited by an attacke...
WordPress Plugin Easy2Map Photos SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Easy2Map Photos version...
App1pro Shopicial Cross-Site Scripting Vulnerability
App1pro Shopicial is a social forum software from App1pro, Inc. App1pro Shopicial suffers from a cross-site scripting vulnerability that stems from the presence of unknown code in file search that results in cross-site scripting...
CVE-2023-4851
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
Bylancer QuickAI OpenAI SQL Injection Vulnerability
Bylancer QuickAI OpenAI is an artificial intelligence writing assistant and content creator from Bylancer. Bylancer QuickAI OpenAI version 3.8.1 suffers from a SQL injection vulnerability that stems from the presence of unknown code in the file /blog in the component GET Parameter Handler, which...
CVE-2023-3562
A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this...