CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

163 matches found

CVE-2016-20054

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

5.3CVSS5.3AI score0.00016EPSS

Exploits1References1

EUVD•added 2026/05/17 6:45 a.m.•9 views

EUVD-2026-30686

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

6.9CVSS5.8AI score0.00075EPSS

Exploits0References4

Cvelist•added 2026/04/27 5:30 p.m.•32 views

CVE-2026-7144 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00035EPSS

Exploits0References5

Snyk•added 2026/04/04 9:30 p.m.•2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the admin/usermanipulate and admin/settings/generall endpoints. An attacker can perform unauthorized administrative actions by tricking an authenticated administrator into submitting crafted...

7.4CVSS5.7AI score0.00016EPSS

Exploits1References3

Positive Technologies•added 2026/01/30 12:0 a.m.•2 views

PT-2026-5392

Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...

4.3CVSS5.9AI score0.00014EPSS

Exploits0References2

OSV•added 2025/10/16 9:15 a.m.•2 views

CVE-2025-0276

HCL BigFix Modern Client Management MCM 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy CSP. An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content...

6.1CVSS5.8AI score

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11901

Malware in sbrugna...

5.3CVSS6.7AI score0.03761EPSS

Exploits0References34

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11933

Malware in sbrugna...

6.5CVSS6.6AI score0.00204EPSS

Exploits0References5