CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/03/08 3:2 p.m.•1 views

CVE-2026-3743

CVE•added 2026/03/08 3:2 p.m.•5 views

CVE-2026-3743

YiFang CMS 2.0.5 contains an XSS flaw in the update path for file app/db/admin/D_singlePageGroup.php. Manipulating the Name argument enables cross-site scripting, and the attack can be launched remotely. Public exploit and details exist; vendor was contacted but did not respond. No remediation de...

5.4CVSS4.2AI score0.00036EPSS

Vulnrichment•added 2026/03/08 3:2 p.m.•0 views

CVE-2026-3743 YiFang CMS D_singlePageGroup.php update cross site scripting

CVE•added 2026/03/08 3:2 p.m.•6 views

CVE-2026-3742

Affected software: YiFang CMS 2.0.5. The vulnerability resides in the function update of the file app/db/admin/D_singlePage.php where manipulating the argument Title triggers cross-site scripting. The exploit is publicly available and can be initiated remotely. Exploit code maturity is reported a...

5.4CVSS4.3AI score0.00036EPSS

Cvelist•added 2026/03/08 3:2 p.m.•25 views

CVE-2026-3742 YiFang CMS D_singlePage.php update cross site scripting

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/DsinglePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and ma...

5.1CVSS0.00036EPSS

ATTACKERKB•added 2026/03/08 3:2 p.m.•3 views

CVE-2026-3742

5.1CVSS4.3AI score0.00036EPSS

Vulnrichment•added 2026/03/08 2:32 p.m.•0 views

CVE-2026-3741 YiFang CMS D_friendLink.php update cross site scripting

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

ATTACKERKB•added 2026/03/08 2:32 p.m.•2 views

CVE-2026-3741

CVE•added 2026/03/08 2:32 p.m.•5 views

CVE-2026-3741

YiFang CMS 2.0.5 is affected by CVE-2026-3741 due to a vulnerability in the update function of app/db/admin/D_friendLink.php where manipulation of the linkName parameter enables cross-site scripting. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. No remed...

5.4CVSS4.2AI score0.00036EPSS

Positive Technologies•added 2026/03/08 12:0 a.m.•2 views

PT-2026-23948

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D singlePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and m...

5.1CVSS4.3AI score0.00036EPSS

Exploits1References5

Positive Technologies•added 2026/03/08 12:0 a.m.•1 views

PT-2026-23947

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

RedhatCVE•added 2026/02/27 12:41 a.m.•3 views

Exploits1References5

CVE-2026-27849

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

9.8CVSS5.5AI score0.00071EPSS

Exploits0References1

EUVD•added 2026/02/25 6:31 p.m.•4 views

EUVD-2026-8688

5.5AI score0.00071EPSS

Exploits0References2

Cvelist•added 2026/02/25 4:20 p.m.•18 views

CVE-2026-27849 Missing neutralization in Linksys MR9600, Linksys MX4200

0.00071EPSS

Exploits0References1

Positive Technologies•added 2026/02/25 12:0 a.m.•3 views

PT-2026-21962

Name of the Vulnerable Software and Affected Versions MR9600 versions 1.0.4.205530 MX4200 versions 1.0.13.210200 Description The issue stems from a lack of proper handling of special characters, allowing for the injection of OS commands through the update functionality associated with a TLS-SRP...

9.8CVSS5.7AI score0.00071EPSS

Exploits0References5

RedhatCVE•added 2026/02/23 1:31 p.m.•3 views

CVE-2026-2932

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/DadPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...

4.8CVSS3AI score0.00059EPSS

Exploits1References1

RedhatCVE•added 2026/02/23 1:31 p.m.•3 views

CVE-2026-2933

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/DadManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...

4.8CVSS2.8AI score0.00043EPSS

Exploits1References1

NVD•added 2026/02/22 9:16 a.m.•2 views

CVE-2026-2934

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/DfriendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...

4.8CVSS0.00043EPSS

NVD•added 2026/02/22 8:15 a.m.•4 views

CVE-2026-2933

4.8CVSS0.00043EPSS