7 matches found
CVE-2019-16188
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the conte...
CVE-2019-16188
The CVE-2019-16188 issue affects HCL AppScan Source prior to version 9.03.13. It allows XML External Entity (XXE) attacks via a specially crafted .ozasmt file, where, if the victim opens/imports it, the attacker can read local files accessible to the victim and exfiltrate content to a remote list...
CVE-2019-4294
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM...
Command injection
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM...
CVE-2019-4294
CVE-2019-4294 affects IBM DataPower Gateway and IBM MQ Appliance. The root cause is a command-injection vulnerability in which a local attacker could execute arbitrary commands on the targeted system. Affected versions include IBM DataPower Gateway 2018.4.1.0–2018.4.1.6, 7.6.0.0–7.6.0.15, and IBM...
CVE-2018-16188
The CVE-2018-16188 entry describes a SQL injection vulnerability in Ricoh Interactive Whiteboard products (D2200, D5500, D5510, and related displays/controllers). The root cause is an SQL injection flaw that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affect...
CVE-2017-16188
CVE-2017-16188 affects the reecerver web server. The vulnerability is a directory traversal flaw where a URL containing relative paths (e.g., ../../) leads to filesystem access outside the intended root. Connected advisories describe that affected revisions resolve relative file paths, enabling d...