CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

98 matches found

RedhatCVE•added 2026/01/09 9:54 a.m.•7 views

CVE-2020-10455

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/translate.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:54 a.m.•6 views

CVE-2020-10437

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/optimize-database.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:53 a.m.•9 views

CVE-2020-10431

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-templates.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:53 a.m.•7 views

CVE-2020-10400

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/article-collaboration.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:52 a.m.•6 views

CVE-2020-10426

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-groups.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•8 views

CVE-2020-10399

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-user.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•4 views

CVE-2020-10449

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-search.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•4 views

CVE-2020-10427

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-languages.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:50 a.m.•9 views

CVE-2020-10456

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2026/01/02 9:38 p.m.•12 views

CVE-2025-15414

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...

5.8CVSS4.7AI score0.00049EPSS

Exploits0References1

Vulnrichment•added 2026/01/01 9:32 p.m.•1 views

CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery

5.8CVSS4.8AI score0.00049EPSS

Exploits0References5

Positive Technologies•added 2026/01/01 12:0 a.m.•2 views

PT-2026-1030

Name of the Vulnerable Software and Affected Versions go-sonic versions up to 1.1.4 Description A server-side request forgery issue exists in the Theme Fetching API of go-sonic. The flaw is located in the FetchTheme function within the service/theme/git fetcher.go file. Manipulation of the uri...

5.8CVSS6.1AI score0.00049EPSS

Exploits0References10

VulnCheck KEV•added 2025/11/28 12:0 a.m.•1 views

VulnCheck KEV: CVE-2025-5605

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

5.3CVSS5.8AI score0.06206EPSS

In wildExploits0References17

EUVD•added 2025/10/24 12:30 p.m.•2 views

EUVD-2025-35828

4.3CVSS6.2AI score0.06206EPSS

Exploits0References2

CVE•added 2025/10/24 10:9 a.m.•15 views

CVE-2025-5605

CVE-2025-5605 describes an authentication bypass in the Management Console of multiple WSO2 products. A malicious actor who has console access can manipulate the request URI to bypass authentication and access restricted resources, resulting in partial information disclosure. The known exposure i...

5.3CVSS6.4AI score0.06206EPSS

In wildExploits0References1Affected Software9

Vulnrichment•added 2025/10/24 10:9 a.m.•8 views

CVE-2025-5605 Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure

4.3CVSS6.4AI score0.06206EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-2845

Malware in sbrugna...

4.8CVSS5AI score0.00321EPSS

Exploits3References3

EUVD•added 2025/10/07 12:30 a.m.•3 views