Lucene search

15 matches found

Cvelist
added 2026/02/20 6:2 a.m. · 29 views

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5.1 · EPSS 0.00248
Exploits 0 · References 4

Patchstack
added 2025/08/15 11:29 p.m. · 11 views

WordPress weichuncai(WP伪春菜) plugin <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin weichuncai(WP伪春菜) versions <= 1.5...

CVSS 6.1 · AI score 5.7 · EPSS 0.00127
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/05/30 12:0 a.m. · 2 views

Tinxy WiFi Lock Controller security vulnerability

Tinxy WiFi Lock Controller is a smart door lock from Tinxy. A security vulnerability exists in Tinxy WiFi Lock Controller v1. The vulnerability stems from storing sensitive user information in clear text, which may lead to information leakage...

CVSS 7.5 · AI score 6.3 · EPSS 0.00205
Exploits 0 · References 2

CNNVD
added 2025/04/18 12:0 a.m. · 2 views

Denkovi DAEnetIP4 METO security vulnerability

Denkovi DAEnetIP4 METO is a multifunctional 10/100 Mb Ethernet device IP controller from Denkovi for management and control. A security vulnerability exists in Denkovi DAEnetIP4 METO version 1.25, which stems from improper session management in the /loginok.htm endpoint, and could lead to a sessi...

CVSS 9.8 · AI score 6.6 · EPSS 0.01681
Exploits 0 · References 1

Positive Technologies
added 2024/12/29 12:0 a.m. · 3 views

PT-2024-17866 · Unknown · 1000 Projects Human Resource Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Human Resource Management System version 1.0 Description: A critical issue has been found in the processing of the file /employeeview.php, where the manipulation of the search argument leads to SQL injection. The attack can be...

CVSS 9.8 · AI score 8.4 · EPSS 0.00691
Exploits 1 · References 13

Positive Technologies
added 2024/10/28 12:0 a.m. · 4 views

PT-2024-16291 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A critical issue has been found in the component POST Parameter Handler, specifically in the file /kortex lite/control/edit profile.php. The manipulation of...

CVSS 9.8 · AI score 7.1 · EPSS 0.00543
Exploits 1 · References 8

Positive Technologies
added 2024/08/22 12:0 a.m. · 4 views

PT-2024-38791 · Unknown · Sourcecodester Online Health Care System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Health Care System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online Health Care System. The issue is related to an unknown function of the file search.php, where the...

CVSS 9.8 · AI score 8 · EPSS 0.0062
Exploits 1 · References 10

Positive Technologies
added 2024/03/11 12:0 a.m. · 4 views

PT-2024-21166 · Sourcecodester · Sourcecodester Insurance Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Insurance Management System version 1.0 Description: A Cross Site Scripting (XSS) issue allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket. This enables attackers to...

CVSS 6.1 · AI score 6.7 · EPSS 0.00309
Exploits 0 · References 4

CNNVD
added 2024/03/01 12:0 a.m. · 3 views

Petrol Pump Management Software SQL Injection Vulnerability

Petrol Pump Management Software is gasoline pump management software by individual developer mayurik. Petrol Pump Management Software version v.1.0 suffers from a SQL injection vulnerability that originates from allowing an attacker to execute arbitrary code via the address parameter in the...

CVSS 9.8 · AI score 8.6 · EPSS 0.12946
Exploits 4 · References 5

Positive Technologies
added 2024/01/26 12:0 a.m. · 3 views

PT-2024-20154 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting (XSS) issue has been reported, resulting from insufficient encoding of user-controlled inputs. This can be exploited via the /cupseasylive/countrymodify.php endpoint...

CVSS 8.2 · AI score 6.2 · EPSS 0.00436
Exploits 0 · References 4

Positive Technologies
added 2023/02/24 12:0 a.m. · 5 views

PT-2023-16676 · Sourcecodester · Sourcecodester Alphaware Simple E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester Alphaware Simple E-Commerce System version 1.0 Description: A critical vulnerability has been found in the Payment Handler component of the affected software, specifically in the file /alphaware/summary.php. The manipulation of...

CVSS 6.5 · AI score 6.7 · EPSS 0.00913
Exploits 1 · References 6

CNNVD
added 2022/09/12 12:0 a.m. · 4 views

InventoryManagementSystem SQL injection vulnerability

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...

CVSS 7.5 · AI score 8 · EPSS 0.00786
Exploits 1 · References 4

CNNVD
added 2022/06/02 12:0 a.m. · 4 views

Badminton Center Management System SQL injection vulnerability

Badminton Center Management System is a badminton center management system by Carlo Montero, an individual developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records. Badminton Center Management System version v1.0 is vulnerable to SQ...

CVSS 7.2 · AI score 6 · EPSS 0.00958
Exploits 1 · References 2

OSV
added 2022/05/04 2:15 p.m. · 3 views

CVE-2022-28099

Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php...

CVSS 8.8 · AI score 7.3 · EPSS 0.01586
Exploits 1 · References 3

OSV
added 2021/07/14 5:15 p.m. · 2 views

CVE-2020-29147

A SQL injection vulnerability in wycontrolls/wysidevisitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1