CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

380 matches found

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Webmin before 1.290 and Usermin before 1.220 contain a path traversal caused by calling the simplifypath function before decoding HTML, letting remote attackers read arbitrary files, exploit requires sending crafted '..%01' sequences. id: CVE-2006-3392 info: name: Webmin 1.290 / Usermin 1.220 -...

5CVSS8.5AI score0.77805EPSS

Exploits2References2

Nuclei•added 9 hours ago•28 views

Usermin 2.100 - Username Enumeration

Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint. id: CVE-2024-44762 info: name: Usermin 2.100 - Username Enumeration author:...

5.3CVSS6.1AI score0.02499EPSS

Exploits5References4

RedhatCVE•added 2026/01/09 12:29 p.m.•4 views

CVE-2023-40986

A stored cross-site scripting XSS vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field...

5.4CVSS5.6AI score0.00415EPSS

Exploits1References1

GithubExploit•added 2025/12/27 4:38 p.m.•162 views

Exploit for Generation of Error Message Containing Sensitive Information in Webmin Usermin

No d...

5.3CVSS7AI score0.02499EPSS

Exploits5

Redos•added 2025/11/05 12:0 a.m.•3 views

ROS-20251105-05

Vulnerability of passwordchange.cgi script of Webmin hosting control panel and web-interface for unix-like systems Usermin is related to flaws in error reporting mechanism. unix-like systems Usermin is related to a flaw in the error reporting mechanism. Exploitation of the vulnerability could all...

5.3CVSS6.9AI score0.02499EPSS

Exploits5