Lucene search

92 matches found

NVD
added 2026/04/14 4:16 p.m., 3 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 9.9 | EPSS 0.00024
Exploits: 2 | References: 3
NVD
added 2026/04/14 4:16 p.m., 1 view

CVE-2026-38530

A Broken Object-Level Authorization (BOLA) vulnerability in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

CVSS 8.1 | EPSS 0.00038
Exploits: 2 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-8038

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.04359
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 3:33 a.m., 2 views

CVE-2023-27700

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html...

CVSS 8.1 | AI score 7.5 | EPSS 0.00306
Exploits: 1 | References: 1
NVD
added 2024/09/26 5:15 p.m., 13 views

CVE-2024-46627

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests...

CVSS 9.1 | EPSS 0.91286
Exploits: 0 | References: 4
Vulnrichment
added 2024/09/26 12:0 a.m., 9 views

CVE-2024-46627

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests...

AI score 9.6 | EPSS 0.91286
Exploits: 0 | References: 4
CVE
added 2024/09/26 12:0 a.m., 49 views

CVE-2024-46627

DATAGERRY (BECN) v2.2 shows an Incorrect Access Control vulnerability that allows an attacker to execute arbitrary commands via crafted HTTP requests to the REST API. The issue is documented as a REST API authentication bypass/ACL flaw with high impact (CVSS 3.1: 9.1, Critical) and affects the v2...

CVSS 9.1 | AI score 7.9 | EPSS 0.91286
Exploits: 0 | References: 4
Cvelist
added 2024/09/26 12:0 a.m., 196 views

CVE-2024-46627

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests...

EPSS 0.91286
Exploits: 0 | References: 4
OSV
added 2024/09/15 5:35 p.m., 16 views

RHSA-2008:0966 Red Hat Security Advisory: Red Hat Application Stack v2.2 security and enhancement update

Bulletin has no description...

CVSS 5 | AI score 7.7 | EPSS 0.6456
Exploits: 6 | References: 15
RedHat Linux
added 2024/09/12 9:30 p.m., 22 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release

Red Hat OpenShift Dev Spaces 3.16 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

CVSS 8.8 | AI score 6.7 | EPSS 0.07521
Exploits: 3 | References: 2
RedHat Linux
added 2024/07/18 5:11 p.m., 64 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release

Red Hat OpenShift Dev Spaces 3.15 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

CVSS 8.8 | AI score 7.2 | EPSS 0.944
Exploits: 24 | References: 13
Cvelist
added 2023/09/08 12:0 a.m., 10 views

CVE-2023-41575

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters...

AI score 5.6 | EPSS 0.00149
Exploits: 0 | References: 1
NVD
added 2023/08/16 4:15 p.m., 6 views

CVE-2023-4204

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability, which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate...

CVSS 9.8 | AI score 6.5 | EPSS 0.00243
Exploits: 0 | References: 1
Metasploit
added 2023/06/14 7:50 p.m., 282 views

Symmetricom SyncServer Unauthenticated Remote Command Execution

This module exploits an unauthenticated command injection vulnerability in /controller/ping.php. The S100 through S350 End of Life models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability. Later models require authentication which is not provided in this...

CVSS 9.8 | AI score 8.6 | EPSS 0.90776
Exploits: 3
Tenable Nessus
added 2023/05/02 12:0 a.m., 20 views

Siemens SCALANCE XCM332 Use After Free (CVE-2022-40674)

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 8.1 | AI score 7.4 | EPSS 0.00941
Exploits: 0 | References: 16
Patchstack
added 2023/04/19 12:0 a.m., 7 views

WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Category Specific RSS feed Subscription; Type: Plugin; Vulnerable versions: <= v2.2; Fixed in: v2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22685; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9fd849c38037; Credits...

CVSS 5.9 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2023/03/28 2:15 p.m., 8 views

CVE-2023-27701

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html...

CVSS 8.1 | AI score 7.7
Exploits: 0 | References: 1
NVD
added 2023/03/28 2:15 p.m., 6 views

CVE-2023-27701

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html...

CVSS 8.1 | AI score 8.2 | EPSS 0.00144
Exploits: 1 | References: 1
Prion
added 2023/03/28 2:15 p.m., 13 views

Arbitrary file deletion

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html...

CVSS 5.5 | AI score 8.2 | EPSS 0.00144
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2023/03/28 1:15 a.m., 9 views

CVE-2023-27700

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html...

CVSS 8.1 | AI score 8.2 | EPSS 0.00306
Exploits: 1 | References: 1