CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

Vulnrichment•added 2026/06/15 12:0 a.m.•8 views

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS7.1AI score0.00525EPSS

Exploits0References7

Cvelist•added 2026/06/15 12:0 a.m.•35 views

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

7.5CVSS0.00525EPSS

Exploits0References7

Positive Technologies•added 2026/06/15 12:0 a.m.•14 views

PT-2026-49149

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.21 Description A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...

7.5CVSS5.4AI score0.00525EPSS

Exploits0References9

Github Security Blog•added 2026/03/10 1:2 a.m.•8 views

Actual Sync Server has an Authenticated Path Traversal

Description Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...

6.5CVSS5.8AI score0.00377EPSS

Exploits1References7Affected Software1

Vulnrichment•added 2026/01/09 12:0 a.m.•1 views

CVE-2025-51626

SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...

7.7AI score0.00215EPSS

Exploits0References2

EUVD•added 2026/01/09 12:0 a.m.•3 views

EUVD-2026-1681

SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...

6.5CVSS7.5AI score0.00215EPSS

Exploits0References3

CNNVD•added 2026/01/09 12:0 a.m.•3 views

pss.sale.com 安全漏洞

pss.sale.com is a merchandising system by the individual developer XiaoLiuChu in China. A security vulnerability exists in version 1.0 of pss.sale.com, which stems from an incorrect manipulation of the parameter id in the endpoint userfiles/php/cancelorder.php, which could lead to a SQL injection...

6.5CVSS7.6AI score0.00215EPSS

Exploits0References3

Cvelist•added 2026/01/09 12:0 a.m.•19 views

CVE-2025-51626

SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancelorder.php endpoint...

0.00215EPSS

Exploits0References2

Vulnrichment•added 2025/12/10 9:13 p.m.•3 views

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.6CVSS7.9AI score0.00809EPSS

Exploits1References4

Veracode•added 2024/08/07 7:41 a.m.•17 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in userfiles\modules\settings\admin.php by which an admin authenticated attacker can inject malicious scripts by submitting crafted input to the group field...

6.1CVSS6.5AI score0.0029EPSS

Exploits1References3Affected Software1

OSV•added 2024/08/05 6:31 p.m.•13 views

GHSA-HF66-XFGJ-42G8 Microweber Cross Site Scripting (XSS) vulnerability

Microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\tags\addtaggingtagged.php...

6.1CVSS6AI score0.0029EPSS

Exploits1References3

Github Security Blog•added 2024/08/05 6:31 p.m.•19 views

Microweber Cross Site Scripting (XSS) vulnerability

Microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\settings\admin.php...

6.1CVSS6.2AI score0.0029EPSS

Exploits1References3Affected Software1

NVD•added 2024/08/05 6:15 p.m.•15 views

CVE-2024-41381

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\settings\admin.php...

6.1CVSS0.0029EPSS

Exploits1References1

Cvelist•added 2024/08/05 12:0 a.m.•31 views

CVE-2024-41380

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\tags\addtaggingtagged.php...

0.0029EPSS

Exploits1References1

CVE•added 2024/08/05 12:0 a.m.•49 views

CVE-2024-41381

CVE-2024-41381 affects microweber 2.0.16. The vulnerability is a Cross-Site Scripting (XSS) in the file userfiles/modules/settings/admin.php, arising from insufficient input filtering/escaping. Evidence across multiple sources (NVD/Red Hat/CNVD/Veracode/GHSA/OSV) describes an XSS risk targeting a...

6.1CVSS6.5AI score0.0029EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/08/05 12:0 a.m.•12 views

CVE-2024-41381

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\settings\admin.php...

6.5AI score0.0029EPSS

Exploits1References1

Cvelist•added 2024/08/05 12:0 a.m.•29 views

CVE-2024-41381

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\settings\admin.php...

0.0029EPSS

Exploits1References1

Vulnrichment•added 2024/08/05 12:0 a.m.•14 views

CVE-2024-41380

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\tags\addtaggingtagged.php...

6.5AI score0.0029EPSS

Exploits1References1

CVE•added 2024/08/05 12:0 a.m.•29 views

CVE-2024-41380

Microweber 2.0.16 contains a Cross Site Scripting (XSS) vulnerability in the file path userfiles/modules/tags/add_tagging_tagged.php, caused by insufficient input validation/escaping of user-supplied data. Affected component: add_tagging_tagged.php within the tags module. Impact is described as X...

6.1CVSS6.5AI score0.0029EPSS

Exploits1References1Affected Software1

OSV•added 2022/05/24 5:23 p.m.•27 views

GHSA-PMXG-W9C7-FFMQ Microweber Discloses Sensitive Information

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request...

7.5CVSS7.3AI score0.13722EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by