CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

125 matches found

EUVD•added 2026/04/12 3:30 p.m.•2 views

EUVD-2019-20139

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

5.3CVSS5.7AI score0.00005EPSS

Exploits1References3

NVD•added 2026/04/12 1:16 p.m.•1 views

CVE-2019-25708

5.3CVSS0.00005EPSS

Exploits1References2

Patchstack•added 2026/03/27 11:24 a.m.•1 views

WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability

Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FormLift for Infusionsoft Web Forms versions = 7.5.21...

5.3CVSS5.9AI score0.00135EPSS

Exploits0References1Affected Software1

OSV•added 2026/02/25 6:47 p.m.•3 views

DRUPAL-CONTRIB-2026-015

This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...

6.5CVSS5.7AI score0.00052EPSS

Exploits0References1

Positive Technologies•added 2026/02/25 12:0 a.m.•2 views

PT-2026-22086

Name of the Vulnerable Software and Affected Versions Drupal CAPTCHA versions 0.0.0 through 1.16.9 Drupal CAPTCHA versions 2.0.0 through 2.0.9 Description A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on...

6.5CVSS5.9AI score0.00052EPSS

Exploits0References5

Drupal•added 2026/02/25 12:0 a.m.•6 views

CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015

6.5CVSS5.5AI score0.00052EPSS

Exploits0References3

Cvelist•added 2026/01/29 2:28 p.m.•29 views

CVE-2020-37007 Liman 0.7 - Cross-Site Request Forgery (Change Password)

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...

5.3CVSS0.00032EPSS

Exploits1References3

ATTACKERKB•added 2026/01/29 2:28 p.m.•4 views

CVE-2020-37007

5.3CVSS5.8AI score0.00032EPSS

Exploits1References3Affected Software1

Packet Storm News•added 2025/12/28 12:0 a.m.•3 views

Breaking the Illusion: Automated Reasoning of GDPR Consent Violations

Recent privacy regulations such as the General Data Protection Regulation GDPR and the California Consumer Privacy Act CCPA have established legal requirements for obtaining user consent regarding the collection, use, and sharing of personal data. These regulations emphasize that consent must be...

6.8AI score

Exploits0

RedhatCVE•added 2025/12/24 7:36 p.m.•1 views

CVE-2021-47722

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...

5.1CVSS6.7AI score0.00006EPSS

Exploits1References1

Vulnrichment•added 2025/12/17 4:31 a.m.•1 views

CVE-2025-13861 HTML Forms – Simple WordPress Forms Plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting

The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...

6.1CVSS5AI score0.00109EPSS

Exploits0References4

Packet Storm News•added 2025/11/10 12:0 a.m.•2 views

Wapiti Web Application Vulnerability Scanner 3.2.9 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

7.2AI score

Exploits0

Positive Technologies•added 2025/11/08 12:0 a.m.•3 views

PT-2025-45548

Name of the Vulnerable Software and Affected Versions HTML Forms – Simple WordPress Forms Plugin versions up to and including 1.5.5 Description The software contains a flaw that allows an attacker with administrator-level permissions to inject malicious web scripts into pages. This is due to...

4.4CVSS6.3AI score0.0002EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-3705

Malware in sbrugna...

4.3CVSS6.3AI score0.00483EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-25641

Malware in sbrugna...

9CVSS8.3AI score0.05887EPSS

Exploits3References3