
19077 matches found

Cvelist
added 2026/04/08 2:32 p.m. | 19 views

CVE-2026-39394 CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

CVSS 8.1 | EPSS 0.00516
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/08 2:32 p.m. | 1 view

CVE-2026-39394 CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

CVSS 8.1 | AI score 6.1 | EPSS 0.00516
Exploits: 1 | References: 1
RedhatCVE
added 2026/04/08 5:00 a.m. | 2 views

CVE-2026-31271

megagao productionssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert...

CVSS 9.8 | AI score 5.9 | EPSS 0.00554
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/08 5:00 a.m. | 4 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

CVSS 9.8 | AI score 5.9 | EPSS 0.00577
Exploits: 1 | References: 1
Exploit DB
added 2026/04/08 12:00 a.m. | 185 views

SQLite 3.50.1 - Heap Overflow

Exploit Title: SQLite 3.50.1 - Heap Overflow | Date: 2025-11-05 | Author: Mohammed Idrees Banyamer | Author Country: Jordan | Instagram: @banyamersecurity | GitHub: https://github.com/mbanyamer | Vendor Homepage: https://www.sqlite.org | Software Link: https://www.sqlite.org/download.html | Version: SQLite 3.50....

CVSS 9.8 | AI score 6.5 | EPSS 0.64893
Exploits: 3
Positive Technologies
added 2026/04/08 12:00 a.m. | 1 view

PT-2026-31321

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.4.0. Description: CI4MS, a CodeIgniter 4-based CMS, is susceptible to arbitrary configuration injection via the .env file. The Install::index controller does not validate the host POST parameter before passing it to...

CVSS 8.1 | AI score 6.1 | EPSS 0.00516
Exploits: 1 | References: 8
ATTACKERKB
added 2026/04/07 6:45 p.m. | 0 views

CVE-2026-5736

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

CVSS 7.5 | AI score 6.9 | EPSS 0.00269
Exploits: 0 | References: 7
NVD
added 2026/04/07 6:16 p.m. | 3 views

CVE-2026-31271

megagao productionssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert...

CVSS 9.8 | EPSS 0.00554
Exploits: 0 | References: 1
Veracode
added 2026/04/07 3:46 p.m. | 5 views

Logic Flaw

KubeVirt is vulnerable to a logic flaw. The vulnerability is due to improper validation in the virt-controller, which allows an attacker to create a malicious pod with matching labels to mislead the controller and disrupt VMI management, leading to denial-of-service...

CVSS 5.3 | AI score 5.9 | EPSS 0.00308
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/04/07 8:43 a.m. | 6 views

BIT-DISCOURSE-2026-32113 Discourse: Open redirect via `sso_destination_url` cookie in `enter`

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, the enter action in StaticController reads the sso_destination_url cookie and redirects to it with allow_other_host: true without validating the destination URL. While this...

CVSS 6.1 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/07 12:00 a.m. | 2 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

AI score 5.9 | EPSS 0.00577
Exploits: 1 | References: 1
CNNVD
added 2026/04/07 12:00 a.m. | 7 views

PowerJob SQL Injection Vulnerability

PowerJob is an open-source distributed computing and job scheduling framework developed by PowerJob. It allows developers to easily schedule tasks within their applications. Versions 5.1.0, 5.1.1, and 5.1.2 of PowerJob contain SQL injection vulnerabilities. These vulnerabilities stem from incorre...

CVSS 7.5 | AI score 7.2 | EPSS 0.00269
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/07 12:00 a.m. | 8 views

PT-2026-30938

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

AI score 5.9 | EPSS 0.00577
Exploits: 1 | References: 2
Cvelist
added 2026/04/07 12:00 a.m. | 15 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

EPSS 0.00577
Exploits: 1 | References: 1
CVE
added 2026/04/07 12:00 a.m. | 12 views

CVE-2026-31272

MRCMS 3.1.2 has an access control vulnerability: the save() method in UserController.java lacks proper authorization validation, allowing direct creation of super administrator accounts without authentication. Impact is described as high across confidentiality, integrity, and availability; exploi...

CVSS 9.8 | AI score 5.9 | EPSS 0.00577
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/04/06 9:02 p.m. | 2 views

EUVD-2026-19496

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle. The...

CVSS 5.1 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 1
EUVD
added 2026/04/06 5:33 p.m. | 5 views

EUVD-2026-19412

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

CVSS 8.8 | AI score 5.9 | EPSS 0.00708
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/06 5:33 p.m. | 2 views

CVE-2026-35164 Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

CVSS 8.8 | AI score 5.9 | EPSS 0.00708
Exploits: 1 | References: 1
RedhatCVE
added 2026/04/06 10:57 a.m. | 3 views

CVE-2026-5561

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...

CVSS 6.5 | AI score 6.3 | EPSS 0.00291
Exploits: 0 | References: 1
EUVD
added 2026/04/05 12:30 p.m. | 4 views

EUVD-2026-19069

A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is...

CVSS 6.5 | AI score 6.3 | EPSS 0.00291
Exploits: 0 | References: 6