109 matches found

Nuclei
added 7 hours ago, 24 views

WordPress Tutor LMS <2.0.10 - Cross Site Scripting

WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the resetkey and userid parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the conte...

CVSS: 6.1, AI score: 6.4, EPSS: 0.20076
Exploits: 2, References: 3
Cvelist
added 2026/05/11 12:48 p.m., 33 views

CVE-2026-4802 Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command...

CVSS: 8, EPSS: 0.00275
Exploits: 0, References: 13
Github Security Blog
added 2026/05/07 6:30 p.m., 7 views

query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

CVSS: 9.8, AI score: 5.8, EPSS: 0.0002
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/04/10 5:35 p.m., 2 views

EUVD-2026-21522

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicchacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00045
Exploits: 0, References: 3
CNNVD
added 2026/04/10 12:00 a.m., 2 views

Chamilo LMS Authorization Issue Vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained vulnerabilities related to authorization. Thes...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00045
Exploits: 0, References: 4
Vulnrichment
added 2026/02/09 9:05 p.m., 1 view

CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

CVSS: 9.3, AI score: 5.4, EPSS: 0.00078
Exploits: 0, References: 1
CNNVD
added 2026/02/04 12:00 a.m., 2 views

FacturaScripts Security Vulnerability

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.81 contained security vulnerabilities. These vulnerabilities stemmed from the automatic completion feature, where user-provided parameters were directly...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00025
Exploits: 3, References: 2
Positive Technologies
added 2026/01/13 12:00 a.m., 3 views

PT-2026-2338

Name of the Vulnerable Software and Affected Versions: SAP ERP Central Component SAP ECC and SAP S/4HANA SAP EHS Management (affected versions not specified). Description: A missing authorization check in SAP ERP Central Component SAP ECC and SAP S/4HANA SAP EHS Management allows an attacker to extrac...

CVSS: 6.4, AI score: 6.5, EPSS: 0.00071
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 12:39 p.m., 3 views

CVE-2023-43192

SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statemen...

CVSS: 8.8, AI score: 8, EPSS: 0.00167
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 8:54 a.m., 6 views

CVE-2021-41162

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the ajax.render.php?operation=wizardhelper page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known...

CVSS: 9.3, AI score: 6.2, EPSS: 0.00311
Exploits: 0, References: 1
Positive Technologies
added 2025/12/09 12:00 a.m., 3 views

PT-2025-49978

Name of the Vulnerable Software and Affected Versions: Frappe HelpDesk version 1.14.0. Description: A SQL injection issue exists in Frappe HelpDesk within the get dashboard data function of the dashboard component. This is due to the unsafe combination of user-supplied data directly into SQL queries...

CVSS: 8.6, AI score: 7.6, EPSS: 0.00033
Exploits: 1, References: 5
Cvelist
added 2025/10/15 7:55 a.m., 6 views

CVE-2025-39967 fbcon: fix integer overflow in fbcon_do_set_font

In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font. Fix integer overflow vulnerabilities in fbcon_do_set_font where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1...

EPSS: 0.00021
Exploits: 0, References: 8
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2010-4839

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.08061
Exploits: 1, References: 10
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2010-0667

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00285
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-18858

Malware in sbrugna...

CVSS: 6.8, AI score: 6.5, EPSS: 0.0058
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-1869

Malware in sbrugna...

CVSS: 7.5, AI score: 7.6, EPSS: 0.0021
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-17752

Malware in sbrugna...

CVSS: 9.8, AI score: 9.3, EPSS: 0.02589
Exploits: 5, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2006-1815

Malware in sbrugna...

CVSS: 2.6, AI score: 6.4, EPSS: 0.00416
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-29360

Malware in sbrugna...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00498
Exploits: 5, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-6798

Malware in sbrugna...

CVSS: 9.3, AI score: 7.9, EPSS: 0.00059
Exploits: 0, References: 4