
8 matches found

Nuclei
added 3 days ago, 61 views

JeecgBoot v3.7.1 - SQL Injection

The JeecgBoot application is vulnerable to SQL Injection via the getTotalData endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands. id: CVE-2024-48307 info: name: JeecgBoot v3.7.1 - SQL Injection author: lbb,s4e-io...

9.8 CVSS | 5.9 AI score | 0.92209 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 4:17 a.m., 4 views

CVE-2023-48307

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...

9.8 CVSS | 6.7 AI score | 0.00183 EPSS
Exploits: 0

Circl
added 2024/10/31 2:44 a.m., 296 views

CVE-2024-48307

creationtimestamp | type | source
---|---|---
2024-10-31 02:44:13+00:00 | seen | https://t.me/cvedetector/9482
2024-12-09 19:07:44+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-48307.yaml
2025-01-23 00:00:00+00:00 | seen | The Shadowserver...

9.8 CVSS | 5.3 AI score | 0.92209 EPSS
In wild | Exploits: 1 | References: 4

CVE
added 2024/10/31 12:0 a.m., 69 views

CVE-2024-48307

JeecgBoot v3.7.1 is affected by a SQL Injection vulnerability in the getTotalData endpoint (/onlDragDatasetHead/getTotalData). The CVE-2024-48307 entry, with CWE-89 and CVSS v3.1 score 9.8 (CRITICAL), indicates unauthenticated attackers could inject SQL to exfiltrate data. Related connected docum...

9.8 CVSS | 8.3 AI score | 0.92209 EPSS
In wild | Exploits: 1 | References: 3 | Affected Software: 1

Circl
added 2023/02/16 6:12 p.m., 2 views

CVE-2022-48307

creationtimestamp | type | source
---|---|---
2023-02-16 18:12:24+00:00 | seen | https://t.me/cibsecurity/58319...

6.3 CVSS | 4.6 AI score | 0.00099 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/02/16 12:0 a.m., 13 views

CVE-2022-48307

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack...

6.3 CVSS | 6.4 AI score | 0.00099 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2023/02/16 12:0 a.m., 3 views

CVE-2022-48307

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack...

6.3 CVSS | 6.8 AI score | 0.00099 EPSS
Exploits: 0 | References: 1

CVE
added 2023/02/16 12:0 a.m., 41 views

CVE-2022-48307

The CVE-2022-48307 entry concerns Magritte-ftp where hostnames were not verified in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. This allowed a network-positioned attacker to perform a man-in-the-middle attack, intercepting and potentially reading or modifying traff...

6.3 CVSS | 4.2 AI score | 0.00099 EPSS
Exploits: 0 | References: 1 | Affected Software: 1