
9 matches found

RedhatCVE
added 2026/01/07 9:28 a.m., 6 views

CVE-2019-12949

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php timePeriod parameter, to a server. Then, the remote...

6.1 CVSS, 6.3 AI score, 0.12389 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2025/05/23 9:29 a.m., 6 views

CVE-2024-12949

A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. The exploit has been...

8.8 CVSS, 7.5 AI score, 0.00096 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/12/26 11:31 a.m., 12 views

CVE-2024-12949 code-projects Travel Management System package.php sql injection

A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. The exploit has been...

6.5 CVSS, 0.00096 EPSS
Exploits: 0, References: 4

Cvelist
added 2022/01/14 4:23 p.m., 7 views

CVE-2020-12949

...

Exploits: 0

Tenable Nessus
added 2021/02/11 12:0 a.m., 116 views

pfSense < 2.4.5 Multiple Vulnerabilities

According to its self-reported version number, the remote pfSense install is prior to 2.4.5. It is, therefore, affected by multiple vulnerabilities, including the following: - In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a...

9.8 CVSS, 7.1 AI score, 0.12389 EPSS
Exploits: 2, References: 12

NVD
added 2019/06/25 11:15 a.m., 12 views

CVE-2019-12949

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php timePeriod parameter, to a server. Then, the remote...

6.1 CVSS, 6.9 AI score, 0.12389 EPSS
Exploits: 2, References: 1

CVE
added 2019/06/25 10:55 a.m., 79 views

CVE-2019-12949

CVE-2019-12949 affects pfSense 2.4.4-p2 and 2.4.4-p3. An authenticated admin can be lured into clicking a phishing-page button, triggering XSS via diag_command.php and rrd_fetch_json.php (timePeriod parameter) that uploads arbitrary executable code to the server. The attacker can then run command...

6.1 CVSS, 6.1 AI score, 0.12389 EPSS
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2017/08/18 6:29 p.m., 12 views

CVE-2017-12949

lib\modules\contributors\contributorlisttable.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF...

8.8 CVSS, 8 AI score
Exploits: 0, References: 1

Cvelist
added 2017/08/18 6:0 p.m., 14 views

CVE-2017-12949

lib\modules\contributors\contributorlisttable.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF...

9.2 AI score, 0.00719 EPSS
Exploits: 1, References: 1