10 matches found
PT-2026-34836
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...
CVE-2025-57263
An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel...
CVE-2019-10016
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring...
SQL injection
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter...
FreeSchool 1.1.0 XSS
No description provided by source.
Cross site scripting
Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter...
CVE-2008-2923
Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter...
CVE-2005-2649
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php...
CVE-2005-2649
CVE-2005-2649 describes a cross-site scripting (XSS) vulnerability in ATutor 1.5.1 that allows remote attackers to inject arbitrary script or HTML via the parameters course in login.php or words in search.php. The CVE is cited with a base score of 4.3 (Medium) on the NVD entry, and multiple conne...
ht://Dig htsearch.cgi words Parameter XSS
The 'htsearch' CGI, which is part of the ht://Dig package, is vulnerable to cross-site scripting attacks, through the 'words' variable. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.