
7 matches found

Positive Technologies
added 2026/04/24 12:0 a.m. · 5 views

PT-2026-37177

Name of the Vulnerable Software and Affected Versions: Avo versions prior to 3.31.2. Description: A broken access control issue exists in the ActionsController due to insecure action lookup logic in the action class function. An authenticated user can execute any Action class that descends from...

CVSS 8.8 · AI score 5.9 · EPSS 0.0005
Exploits: 0 · References: 6
EUVD
added 2026/03/27 3:30 p.m. · 4 views

EUVD-2026-16629

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to...

CVSS 7.5 · AI score 5.6 · EPSS 0.00057
Exploits: 0 · References: 5
NVD
added 2026/03/27 3:17 p.m. · 2 views

CVE-2026-4953

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

CVSS 7.5 · EPSS 0.00057
Exploits: 0 · References: 4
CNNVD
added 2026/03/27 12:0 a.m. · 5 views

MingSoft MCMS Security Vulnerability

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Versions of MingSoft MCMS 5.5.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the parameter “catchimage” in the file...

CVSS 7.5 · AI score 7.1 · EPSS 0.00057
Exploits: 0 · References: 4
Veracode
added 2024/01/18 12:21 p.m. · 13 views

Cross Site Scripting (XSS)

avo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of text passed in error or succeed messages within the Avo::BaseAction subclass. An attacker can inject arbitrary JavaScript into the message fields, resulting in XSS...

CVSS 6.5 · AI score 6.4 · EPSS 0.0577
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/01/17 10:34 p.m. · 13 views

GHSA-G8VP-2V5P-9QFH Cross-site scripting (XSS) in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

CVSS 6.5 · AI score 5.5 · EPSS 0.0577
Exploits: 1 · References: 8
Positive Technologies
added 2023/01/18 12:0 a.m. · 2 views

PT-2023-9890 · Unknown · Lierdakil Click-Reminder

Name of the Vulnerable Software and Affected Versions: lierdakil click-reminder, affected versions not specified. Description: A critical issue was found in lierdakil click-reminder, affecting the function db query of the file src/backend/include/BaseAction.php. This issue leads to SQL injection. T...

CVSS 9.8 · AI score 6.2 · EPSS 0.00297
Exploits: 0 · References: 8