CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3195 matches found

XWiki Platform - Remote Code Execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...

9.9CVSS9.4AI score0.91346EPSS

Exploits1References4

CVE•added 2026/06/02 7:0 p.m.•8 views

CVE-2019-25723

CVE-2019-25723 describes an improper input handling vulnerability in Dräger Perseus A500 software 2.00–2.02 . An external attacker can cause a DoS by sending specially crafted, non-Medibus‑compliant data through the Medibus interface , flooding the internal processor and triggering a warm restart...

6.3CVSS5.8AI score0.00236EPSS

Exploits0References2

Positive Technologies•added 2026/02/05 12:0 a.m.•4 views

PT-2026-6581

Name of the Vulnerable Software and Affected Versions 10-Strike Network Inventory Explorer version 9.03 Description The software contains a buffer overflow issue in the file import functionality that enables remote attackers to run code without authorization. An attacker can create a specially...

9.8CVSS6.5AI score0.0063EPSS

Exploits0References6

Positive Technologies•added 2026/02/03 12:0 a.m.•3 views

PT-2026-5838

Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro version 1.0 has a flaw that allows attackers to read arbitrary files without needing to log in. This is possible by manipulating the document parameter within the 'download.php' file. By...

8.7CVSS5.6AI score0.02564EPSS

Exploits1References7

EUVD•added 2026/02/01 12:56 p.m.•3 views

EUVD-2021-34750

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.9AI score0.00694EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 9:24 a.m.•2 views

CVE-2023-40153

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software...

6.1CVSS6AI score0.00296EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•3 views

CVE-2025-23569

Cross-Site Request Forgery CSRF vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through = 1.1.1...

7.1CVSS7.2AI score0.00184EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:43 a.m.•9 views

CVE-2022-37922

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

7.2CVSS7.7AI score0.01365EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:41 a.m.•5 views

CVE-1999-0661

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as 1 TCP Wrappers 7.6, 2 util-linux 2.9g, 3 wuarchive ftpd wuftpd 2.2 and 2.1f, 4 IRC client ircII ircII 2.2.9, 5 OpenSSH 3.4p1, or 6 Sendmail 8.12.6...

10CVSS7AI score0.54244EPSS

Exploits0References1

Veracode•added 2025/12/01 1:20 p.m.•4 views

Arbitrary Code Execution

melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...

9.3CVSS8.1AI score0.0254EPSS

Exploits3References5Affected Software1

Positive Technologies•added 2025/11/18 12:0 a.m.•2 views

PT-2025-47299

Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...

5.1CVSS5.9AI score0.00272EPSS

Exploits0References3

CVE•added 2025/11/05 12:0 a.m.•8 views

CVE-2025-56231

Tonec Internet Download Manager (IDM) 6.42.41.1 and earlier is affected by a Missing SSL Certificate Validation vulnerability in the update mechanism, allowing a remote attacker to bypass update protections. Affected component is the update/SSL validation routine; root cause details are consisten...

9.1CVSS6.5AI score0.0022EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/10/09 12:0 a.m.•2 views

PT-2025-41348

Name of the Vulnerable Software and Affected Versions Versions prior to 2.3 Description A memory corruption issue exists when processing an image encoding completion event. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

7.8CVSS6.5AI score0.00079EPSS

Exploits0References5

RedhatCVE•added 2025/10/07 6:27 p.m.•3 views

CVE-2025-52658

HCL MyXalytics 6.6. product is affected by Use of Vulnerable/Outdated Versions Vulnerability...

3.5CVSS7AI score0.00177EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-8043

Malware in sbrugna...

7.8CVSS7.6AI score0.004EPSS

Exploits0References2