CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•13 views

CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability

8CVSS0.00404EPSS

Snyk•added last week•5 views

Symlink Attack

Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Symlink Attack in the extractall method. An attacker can overwrite arbitrary files on the host system by crafting malicious archives containing symbolic link chains that escape the intended extractio...

8.6CVSS6.3AI score0.00404EPSS

IBM Security Bulletins•added 2026/06/18 7:17 a.m.•3 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using the Web Server Plug-ins

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities when using the Web Server Plug-ins CVE-2026-9072, CVE-2026-8858, CVE-2026-10852 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.3AI score0.00409EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1395

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's blockid attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduce...

6.4CVSS5.7AI score0.0024EPSS

RedhatCVE•added 2026/06/05 7:31 p.m.•7 views

CVE-2025-22741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1CVSS5.4AI score0.0018EPSS

EUVD•added 2026/06/01 12:30 a.m.•10 views

EUVD-2026-33524

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS

Exploits0References6

Cvelist•added 2026/05/31 11:45 p.m.•41 views

CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS0.00192EPSS

CVE•added 2026/05/31 11:45 p.m.•17 views

CVE-2026-10204

CVE-2026-10204 affects OFCMS 1.1.3, specifically the JSON Query Interface. The vulnerability lies in the Query function within SysUserController.java, causing a SQL injection via remote exploitation. Public exploit access is noted, and the vendor was informed early through an issue but has not re...

6.5CVSS6.4AI score0.00192EPSS

CVE•added 2026/05/31 11:30 p.m.•17 views

CVE-2026-10203

The report identifies CVE-2026-10203 affecting OFCMS 1.1.3. The vulnerability lies in the JSON Query Interface: the Query function in OFCMS-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java, which enables SQL injection. This can be triggered remotely, with publ...

6.5CVSS6.4AI score0.00196EPSS

ATTACKERKB•added 2026/05/31 11:30 p.m.•9 views

CVE-2026-10203

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS6.4AI score0.00196EPSS

Cvelist•added 2026/05/31 11:15 p.m.•32 views

CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection

6.5CVSS0.00192EPSS

CVE•added 2026/05/31 11:15 p.m.•19 views

CVE-2026-10202

CVE-2026-10202 affects OFCMS 1.1.3. The vulnerability resides in the JSON Query Interface, specifically the function Query in SystemDictController.java, enabling SQL injection. The issue can be triggered remotely and a public exploit is available. Documents do not provide a remediation or patched...

6.5CVSS6.4AI score0.00192EPSS

Vulnrichment•added 2026/05/31 4:15 p.m.•7 views

CVE-2026-10193 OFCMS ComnController ComnController.java query sql injection

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS6.4AI score0.00196EPSS

Cvelist•added 2026/05/31 4:15 p.m.•31 views

CVE-2026-10193 OFCMS ComnController ComnController.java query sql injection

6.5CVSS0.00196EPSS

CNNVD•added 2026/05/31 12:0 a.m.•7 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Versions of OFCMS 1.1.3 and earlier had a SQL injection vulnerability. This vulnerability originated from the parameter “system.user.query” in the function Query of the ComnController component’s ComnController.java...

6.5CVSS6.7AI score0.00196EPSS

NVD•added 2026/05/27 9:16 a.m.•10 views

CVE-2025-22741

7.1CVSS0.0018EPSS

Cvelist•added 2026/05/27 8:35 a.m.•29 views

CVE-2025-22741 WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.0018EPSS

ATTACKERKB•added 2026/05/27 8:35 a.m.•7 views

CVE-2025-22741

7.1CVSS5.8AI score0.0018EPSS

NVD•added 2026/05/14 9:16 p.m.•9 views

CVE-2026-45370

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

7.7CVSS0.00223EPSS