23 matches found
CVE-2026-36226
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...
Advantech WebAccess/SCADA security vulnerability
Advantech WebAccess/SCADA is a SCADA software based on the browser architecture developed by Advantech China Research & Development. This software supports dynamic graphical displays and real-time data control, and provides functionality for remote control and management of automation devices. Th...
Intel QAT Windows software buffer overflow vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has a buffer overflow vulnerability that originates from a buffer overflo...
EUVD-2023-12966
Malicious code in bioql PyPI...
CVE-2023-39121
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...
CVE-2025-4890
A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally is a requirement...
Code-Projects Tourism Management System security vulnerability
Code-Projects Tourism Management System is an open source tourism management system from Code-Projects. A security vulnerability exists in Code-Projects Tourism Management System version 1.0, which is caused by a stack buffer overflow due to incorrect manipulation of the username/password...
CVE-2025-29036
An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component...
CVE-2024-48454
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component...
CVE-2024-48454
CVE-2024-48454 targets SourceCodester Purchase Order Management System v1.0, allowing remote code execution via the /admin?page=user component. Multiple connected feeds (Red Hat, NVD, CVEs list, CNNVD, PT-Security) corroborate an RCE risk in the admin page, with confirmed affected software/versio...
CVE-2024-42583
A Cross-Site Request Forgery (CSRF) in the component deleteuser.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges...
PT-2024-30045 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version 2.0. Description: A Cross-Site Request Forgery (CSRF) issue in the deleteuser.php component allows attackers to escalate privileges, potentially leading to unauthorized user deletion. Recommendations: For...
PT-2024-20328 · Skteco.Com · Skteco.Com Central Control Attendance Machine Web Management Platform
Name of the Vulnerable Software and Affected Versions: skteco.com Central Control Attendance Machine web management platform version 3.0. Description: The issue allows an attacker to obtain sensitive information via a crafted script to the "csl/user" component. Recommendations: For version 3.0,...
CVE-2023-49030
SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component...
CVE-2023-43355
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component...
CVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData...