CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

71 matches found

CVE-2018-25395

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS0.00068EPSS

Exploits0References4

Cvelist•added 6 days ago•22 views

CVE-2018-25395 Kados R10 GreenBee SQL Injection via update_feature.php

8.8CVSS0.00068EPSS

Exploits0References4

Vulnrichment•added 6 days ago•4 views

CVE-2018-25395 Kados R10 GreenBee SQL Injection via update_feature.php

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

CVE•added 6 days ago•6 views

CVE-2018-25395

Kados R10 GreenBee is affected by an SQL injection via boards_buttons/update_feature.php in the feature_id parameter. The feature_id is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send crafted GET requests (including UNION-based payloads) ...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

CNNVD•added 6 days ago•4 views

Kados R10 GreenBee SQL注入漏洞

Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the featureid parameter in boardsbuttons/updatefeature.php is not cleaned properly, resulti...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

EUVD•added 2026/05/04 12:0 a.m.•3 views

EUVD-2026-27086

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

5.9AI score0.00051EPSS

Exploits1References2

GithubExploit•added 2026/04/29 11:17 p.m.•160 views

exploit-db-skill

Exploit-DB Skill Cross-Platform Small cross-platform helper...

10CVSS7.5AI score0.94358EPSS

Exploits341

NCSC•added 2026/04/03 8:20 a.m.•2 views

Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights

Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...

6.5CVSS6.4AI score0.00075EPSS

Exploits0References3

OSV•added 2026/03/31 10:35 p.m.•1 views

GHSA-M9G7-RGFC-JCM7 baserCMS Update Functionality Vulnerable to OS Command Injection

Summary The latest version of baserCMS basercms-5.2.2 contains an OS command injection vulnerability CWE-78 in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the us...

9.1CVSS6.1AI score0.00063EPSS

Exploits0References5

ATTACKERKB•added 2026/03/23 9:40 p.m.•1 views

CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

8.1CVSS5.9AI score0.00016EPSS

Exploits0References5Affected Software1

OSV•added 2026/03/23 8:39 p.m.•1 views

GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

8.1CVSS5.9AI score0.00016EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 10:18 a.m.•5 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

9.8CVSS7AI score0.00412EPSS

Exploits1References1

Vulnrichment•added 2025/11/20 3:44 p.m.•2 views

CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS6.2AI score0.00052EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-2949

Malware in sbrugna...

9.3CVSS6.4AI score0.01858EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-19974

Malware in sbrugna...

7.8CVSS7.7AI score0.0103EPSS

Exploits1References2