CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

241 matches found

EUVD•added 2026/05/30 2:55 p.m.•10 views

EUVD-2018-21931

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00325EPSS

Exploits0References4

Positive Technologies•added 2026/05/30 12:0 a.m.•9 views

PT-2026-45109

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi pengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00325EPSS

Exploits0References5

CNNVD•added 2026/05/30 12:0 a.m.•7 views

SIM-PKH 代码问题漏洞

SIM-PKH is a community-based poverty alleviation data management system developed by Insan Sutejo. Version 2.4.1 of SIM-PKH has code vulnerabilities. These vulnerabilities arise from submitting PHP code via the fupload parameter. This may allow authenticated attackers to upload malicious files,...

8.8CVSS5.9AI score0.00325EPSS

Exploits0References4

NVD•added 2026/04/29 4:16 p.m.•2 views

CVE-2025-56534

A cross-site scripting XSS vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00185EPSS

Exploits2References2

Positive Technologies•added 2026/03/15 12:0 a.m.•3 views

PT-2026-25717

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

6.1CVSS6AI score0.00274EPSS

Exploits1References5

OSV•added 2026/02/16 6:19 p.m.•4 views

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

6.1CVSS5.9AI score0.00223EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 12:40 p.m.•7 views

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

5.4CVSS6AI score0.00495EPSS

Exploits1References1

CNNVD•added 2025/12/29 12:0 a.m.•4 views

MachSol MachPanel 安全漏洞

MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from mishandling of specially crafted PDF files and could lead to the execution of arbitrary web script or HTML...

6.1CVSS6AI score0.00155EPSS

Exploits0References3

CNVD•added 2025/12/12 12:0 a.m.•4 views

MailEnable FieldTo Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6.2AI score0.00324EPSS

Exploits0References1

Snyk•added 2025/10/23 6:31 p.m.•4 views

Cross-site Scripting (XSS)

Overview Piranha.Manager is a manager panel for Piranha CMS for AspNetCore. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the /manager/pages component when user-supplied input is injected into Markdown blocks. An attacker can execute arbitrary web scripts or HTML...

6.1CVSS5.3AI score0.00263EPSS

Exploits1References2

CNVD•added 2025/10/21 12:0 a.m.•3 views

D-Link Nuclias Connect Cross-Site Scripting Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

5.4CVSS6.2AI score0.00501EPSS

Exploits0References1

CNVD•added 2025/10/17 12:0 a.m.•8 views

Centreon cross-site scripting vulnerability (CNVD-2025-24648)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

6.8CVSS7.1AI score0.00191EPSS

Exploits0References1

CNNVD•added 2025/10/14 12:0 a.m.•3 views

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon cross-site scripting vulnerability , the vulnerability stems from the lack of effective...

6.8CVSS6.2AI score0.00235EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-15958

Malware in sbrugna...

5.4CVSS5.9AI score0.00531EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2004-1639

Malware in sbrugna...

4.3CVSS6.4AI score0.03645EPSS

Exploits1References6