Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2423 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2017-18704

Malware in sbrugna...

8.8CVSS8.6AI score0.02385EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2007-6660

Malware in sbrugna...

2.1CVSS6.4AI score0.01732EPSS
Exploits1References6
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.4 views

(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRunPatch class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.00751EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.4 views

(0Day) Ivanti Endpoint Manager MP_Report_Run2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPReportRun2 class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.00757EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.3 views

(0Day) Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPVistaReport class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.01582EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.5 views

(0Day) Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPQueryDetail2 class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.01583EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.4 views

(0Day) Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.00751EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.5 views

(0Day) Ivanti Endpoint Manager MP_QueryDetail SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPQueryDetail class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.00752EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.4 views

(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRunPatch class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.00751EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2025/10/07 12:0 a.m.4 views

(0Day) Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRun class. The issue results from the lack of proper validation of a...

7.2CVSS8AI score0.00757EPSS
Exploits0References1
NVD
NVDadded 2025/10/06 5:16 p.m.6 views

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS0.00434EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/06 4:44 p.m.6 views

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS0.00434EPSS
Exploits0References2
NVD
NVDadded 2025/10/04 3:15 a.m.4 views

CVE-2025-8726

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppauserupload function. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS0.00191EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/10/03 8:30 p.m.8 views

CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS0.00333EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2023-26558

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00296EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-22489

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00288EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2023-56327

Malicious code in bioql PyPI...

6.8CVSS6.7AI score0.01126EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.15 views

EUVD-2023-39755

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00855EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.13 views

EUVD-2023-45077

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01271EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-57520

Malicious code in bioql PyPI...

9.9CVSS8.6AI score0.01564EPSS
Exploits0References1
Rows per page
Query Builder