8 matches found

Cvelist
added 2025/08/29 5:17 p.m., 5 views

CVE-2025-33036 Qsync Central

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

CVSS 7.2 | EPSS 0.00094
Exploits: 0 | References: 1

OSV
added 2025/08/25 2:15 p.m., 2 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 2

CVE
added 2025/03/03 7:40 a.m., 54 views

CVE-2025-1723

CVE-2025-1723 affects Zohocorp ManageEngine ADSelfService Plus versions 6510 and earlier. The root cause is session mishandling in ADSelfService Plus, which can enable account takeover by valid users, especially when MFA is not enabled. Multiple connected sources (Red Hat advisory, NVD/NCSC/CVE r...

CVSS 8.1 | AI score 8.1 | EPSS 0.0029
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/03 7:40 a.m., 21 views

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

CVSS 8.1 | EPSS 0.0029
Exploits: 0 | References: 1

ATTACKERKB
added 2022/02/17 7:15 p.m., 3 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

CVSS 6.5 | AI score 6.8 | EPSS 0.01358
Exploits: 3 | References: 5 | Affected Software: 2

OSV
added 2022/02/15 1:57 a.m., 13 views

GHSA-M4JX-6526-VVHM Denial of service in github.com/nats-io/nats-server/server

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers - Running a NATS service which is exposed to untrusted users presents a heighten...

CVSS 7.5 | AI score 7.5 | EPSS 0.08427
Exploits: 0 | References: 7

ThreatPost
added 2020/02/05 8:26 p.m., 33 views

CamuBot Banking Trojan Returns In Targeted Attacks

The CamuBot malware, known for targeting Brazilian bank customers, has returned in a slew of recent offensives. The latest wave of attacks are highly personalized and, unlike previous campaigns, target victims’ mobile banking apps as an extra step to evade detection when making fraudulent...

AI score 1.4
Exploits: 0 | References: 10

OSV
added 2019/07/23 2:15 p.m., 2 views

CVE-2019-11701

The default webcal: protocol handler will load a web site vulnerable to cross-site scripting XSS attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected. This...

CVSS 6.1 | AI score 6.7
Exploits: 0 | References: 2