14726 matches found
CVE-2025-12202
The CVE-2025-12202 entry concerns a cross-site request forgery in ajayrandhawa User-Management-PHP-MYSQL web (up to commit fedcf58797bf2791591606f7b61fdad99ad8bff1). Connected documents confirm remote exploitation and that the exploit has been publicly released. The products and versions affected...
PT-2025-43760
Name of the Vulnerable Software and Affected Versions: ajayrandhawa User-Management-PHP-MYSQL web (affected versions not specified). Description: A security flaw exists in ajayrandhawa User-Management-PHP-MYSQL web. The issue involves cross-site request forgery, allowing remote attackers to perform...
CVE-2025-60291
An issue was discovered in eTimeTrackLite Web thru 12.0 20250704. There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations...
Wapiti Web Application Vulnerability Scanner 3.2.8 Source Code
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...
web-application-vulnerability-scanner
web-application-vulnerability-scanner A Web Application Vul...
cybersec-ids
cybersec-ids Full-stack AI-driven Web App Intrusion Detection...
Exploit for CVE-2025-63307
CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...
Exploit for CVE-2025-61155
PoC exploit for CVE-2025-61155, a vulnerability in an unspecifie...
Xss-Wordlist
It is an offensive tool for web application security testing. Th...
EUVD-2025-35589
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
CVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
Exploit for Code Injection in Microsoft
It is an offensive tool for web exploitation. The repository con...
pocFlexiPwn
It is an offensive tool for web exploitation. The repository con...
CVE-2025-56700
Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low-level privileged user that has access to the platform to execute arbitrary SQL commands via the datafine parameter...
CVE-2025-61935
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-55669
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-24833
CVE-2025-24833 is a stored XSS vulnerability in desknet’s NEO, affecting version range V4.0R1.0–V9.0R2.0. The issue allows execution of arbitrary JavaScript in a user’s browser via a stored payload. The connected Red Hat (RH:CVE-2025-24833) and other feeds confirm the same description. No exploit...
CVE-2025-56700
CVE-2025-56700 describes a boolean SQL injection in the web app of Centrax Open PSIM 6.1 (Base Digitale Group spa). The flaw is triggered via the datafine parameter and can be exploited by a low-privileged user with platform access to execute arbitrary SQL commands. The provided documents do not ...