Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

92526 matches found

OSV
OSVadded 2026/05/27 9:13 p.m.2 views

GHSA-M7V2-7GXM-VC2V Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Description Symfony\Bridge\Monolog\Command\ServerLogCommand the server:log console command is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...

9.3CVSS6.4AI score
Exploits0References6
Github Security Blog
Github Security Blogadded 2026/05/27 9:10 p.m.14 views

Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering

Description Symfony's profiler, a development only debug UI, renders source-code excerpts on several pages using Twig's custom fileexcerpt filter. This filter renders PHP files via highlightstring which escapes HTML, but renders non-PHP files by splitting on \n and interpolating each line directl...

5.9AI score
Exploits0References7Affected Software3
NVD
NVDadded 2026/05/27 8:16 p.m.7 views

CVE-2026-44886

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

8.7CVSS0.00085EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:16 p.m.6 views

CVE-2026-44886

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

8.7CVSS5.9AI score0.00085EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2026/05/27 7:16 p.m.11 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS0.00046EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 7:16 p.m.9 views

CVE-2026-42878

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS0.00049EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 6:28 p.m.6 views

EUVD-2026-32625

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS5.9AI score0.00049EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 6:28 p.m.6 views

CVE-2026-42878

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS5.9AI score0.00049EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/27 6:28 p.m.37 views

CVE-2026-42878 FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS0.00049EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 3:25 p.m.3 views

CVE-2026-45335 WeGIA: Middleware whitelist bypass → open redirect via InternoControle.nextPage

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

5.4CVSS5.9AI score0.00028EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 3:16 p.m.4 views

CVE-2026-30498

A Cross-Site Request Forgery CSRF vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0...

6.3CVSS0.00015EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 9:16 a.m.7 views

CVE-2026-40830

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS0.00043EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 9:16 a.m.8 views

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS0.00043EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/05/27 9:5 a.m.9 views

WordPress Boost plugin <= 2.0.3 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Boost versions = 2.0.3...

9.8CVSS5.8AI score0.00148EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/05/27 8:16 a.m.8 views

CVE-2026-8832

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

8.8CVSS0.00488EPSS
Exploits2References8
NVD
NVDadded 2026/05/27 8:16 a.m.6 views

CVE-2026-40816

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.00064EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:55 a.m.23 views

CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00039EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:54 a.m.22 views

CVE-2026-40830 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS0.00043EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:53 a.m.4 views

EUVD-2026-32158

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:53 a.m.4 views

CVE-2026-40829 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
Rows per page
Query Builder