Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3832 matches found

EUVD
EUVDadded 2026/04/07 7:56 p.m.1 views

EUVD-2026-19918

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

9.3CVSS6AI score0.00022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/07 7:56 p.m.3 views

CVE-2026-39382

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

9.3CVSS6AI score0.00022EPSS
Exploits0References3
CVE
CVEadded 2026/04/07 7:56 p.m.6 views

CVE-2026-39382

In CVE-2026-39382, the vulnerability arises in a dbt workflow where the prep job uses peter-evans/find-comment to fetch a comment-body, which is then interpolated into a shell command without escaping. This allows attacker-controlled text to break out of quotes and inject arbitrary shell commands...

9.3CVSS6AI score0.00022EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/07 7:56 p.m.19 views

CVE-2026-39382 dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

9.3CVSS0.00022EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/07 12:0 a.m.4 views

PT-2026-31009

Name of the Vulnerable Software and Affected Versions dbt affected versions not specified Description dbt allows data analysts and engineers to transform data using software engineering practices. A command injection issue exists in the workflow located at...

9.3CVSS6AI score0.00022EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/04/06 10:57 a.m.3 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.00015EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/05 9:30 p.m.3 views

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8CVSS6.1AI score0.00027EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/04/05 8:45 p.m.17 views

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8CVSS0.00027EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/04/05 8:45 p.m.1 views

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8CVSS6.1AI score0.00027EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/04/05 8:45 p.m.4 views

CVE-2019-25672

PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...

8.8CVSS6.1AI score0.00027EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/05 8:45 p.m.2 views

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8CVSS6.1AI score0.00027EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/04/05 12:0 a.m.3 views

PT-2026-30481

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8CVSS6.1AI score0.00027EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/04/04 1:51 p.m.21 views

CVE-2018-25249 MyBB My Arcade Plugin 1.3 Persistent XSS via Comment

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...

6.4CVSS0.0001EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/04 1:51 p.m.4 views

CVE-2018-25249 MyBB My Arcade Plugin 1.3 Persistent XSS via Comment

MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...

6.4CVSS5.9AI score0.0001EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/04/04 12:0 a.m.4 views

MyBB My Arcade Plugin 跨站脚本漏洞

The MyBB My Arcade Plugin is a forum download plugin developed by MyBB Corporation. Version 1.3 of the MyBB My Arcade Plugin contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of input data in the arcade game score comment field, which may allow...

6.4CVSS5.6AI score0.0001EPSS
Exploits1References3
NVD
NVDadded 2026/04/03 11:17 p.m.1 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS0.00015EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/03 10:31 p.m.0 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.00015EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/03 10:31 p.m.1 views

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.00015EPSS
Exploits1References2
CVE
CVEadded 2026/04/03 10:31 p.m.8 views

CVE-2026-34229

CVE-2026-34229 affects Emlog prior to version 2.6.8, with a stored XSS in the comment module triggered via bypass of URI scheme validation. The underlying issue is a URI scheme validation bypass, allowing injection of script payloads into comments. The vulnerability is addressed in version 2.6.8 ...

6.1CVSS5.7AI score0.00015EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/04/03 10:31 p.m.17 views

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS0.00015EPSS
Exploits1References2
Rows per page
Query Builder