Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/05/09 4:16 p.m.7 views

CVE-2026-8188

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...

8.8CVSS0.00088EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/02/16 4:32 a.m.26 views

CVE-2026-2535 Comfast CF-N1 V2 mbox-config sub_44AB9C command injection

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS0.00517EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/02/16 4:32 a.m.5 views

CVE-2026-2535 Comfast CF-N1 V2 mbox-config sub_44AB9C command injection

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS5.5AI score0.00517EPSS
Exploits1References4
Patchstack
Patchstackadded 2025/12/31 12:0 a.m.4 views

WordPress Digihood HTML Sitemap plugin <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' vulnerability

Reflected Cross-Site Scripting via 'channel' vulnerability discovered by vgo0 in WordPress Plugin Digihood HTML Sitemap versions = 3.1.1...

6.1CVSS5.4AI score0.0052EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2018-19738

Malware in sbrugna...

7.5CVSS7.6AI score0.02945EPSS
Exploits2References5
Hacker One
Hacker Oneadded 2019/07/25 10:56 a.m.16 views

WordPress: Reflected XSS on https://make.wordpress.org via 'channel' parameter

Hi there, I just found a reflected XSS on make.wordpress.org domain. steps to reproduce : 1. visit this link : https://make.wordpress.org/chat/logs?channel=16%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain%3E&date=2019-07-21&nobots=1 2. xss pop up will occurs POC: see:wp reflected xss.png Not...

1.7AI score
Exploits0
CNVD
CNVDadded 2016/01/06 12:0 a.m.1 views

SQL Injection Vulnerability in 'channel' Parameter of Founder Xiangyu Web Content Management System

Founder Xiangyu website content management system is a full-process management platform for website information publishing. A SQL injection vulnerability exists in the Founder Xiangyu Web Content Management System. The lack of filtering of the 'channel' parameter allows an attacker to exploit the...

7.6AI score
Exploits0References1
NVD
NVDadded 2015/05/15 6:59 p.m.22 views

CVE-2015-2250

Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...

4.3CVSS5.7AI score0.00368EPSS
Exploits2References6
Rows per page
Query Builder