1015 matches found

Source: ATTACKERKB | added 2025/12/17 9:29 p.m.

CVE-2025-68109

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

CVSS 9.1 | AI score 6.4 | EPSS 0.23631
Exploits: 3 | References: 3 | Affected software: 1
Source: OSV | added 2025/12/10 10:16 p.m.

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVSS 8.8 | AI score 6.3 | EPSS 0.00541
Exploits: 1 | References: 4
Source: Positive Technologies | added 2025/12/10 12:00 a.m.

PT-2025-50529

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15. Description: An authenticated attacker can execute commands remotely on the server. This is possible by modifying file extensions and uploading malicious PHP files. Specifically, attackers can append ',php' to Extensions...

CVSS 8.8 | AI score 7.4 | EPSS 0.00541
Exploits: 1 | References: 9
Source: RedhatCVE | added 2025/12/09 8:27 a.m.

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, the file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 5.5 | AI score 6.8 | EPSS 0.00012
Exploits: 0 | References: 1
Source: NVD | added 2025/12/05 6:15 p.m.

CVE-2025-66548

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, the file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 5.5 | EPSS 0.00012
Exploits: 0 | References: 4
Source: Vulnrichment | added 2025/12/05 5:26 p.m.

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, the file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 3.3 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 4
Source: OSV | added 2025/12/05 5:26 p.m.

CVE-2025-66548 Nextcloud Deck app allows to spoof file extensions by using RTLO characters

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, the file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 3.3 | AI score 6.7 | EPSS 0.00012
Exploits: 0 | References: 6
Source: CVE | added 2025/12/05 5:26 p.m.

CVE-2025-66548

The Nextcloud Deck app allows spoofing file extensions by using RTLO characters, causing a mismatch between the displayed and actual extension. Affected versions are prior to 1.12.7, 1.14.4, and 1.15.1; fixes are in 1.12.7, 1.14.4, and 1.15.1. Exploitation details are not provided in the supplied...

CVSS 5.5 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 4 | Affected software: 1
Source: EUVD | added 2025/12/05 5:26 p.m.

EUVD-2025-201466

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, the file extension can be spoofed by using RTLO characters, tricking users into downloading files with a different extension th...

CVSS 3.3 | AI score 6.2 | EPSS 0.00012
Exploits: 0 | References: 4
Source: Nextcloud | added 2025/12/05 7:59 a.m.

Deck app allows to spoof file extensions by using RTLO characters

None...

CVSS 5.5 | AI score 5.2 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected software: 1
Source: Positive Technologies | added 2025/12/05 12:00 a.m.

PT-2025-49297

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.12.7; Nextcloud Deck versions prior to 1.14.4; Nextcloud Deck versions prior to 1.15.1. Description: Nextcloud Deck is a kanban style organization tool for personal planning and project organization integrated wi...

CVSS 5.5 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 10
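
The Nextcloud Deck records above all describe one mechanism: a Unicode right-to-left override (RLO, U+202E) placed inside a filename makes a bidi-aware UI draw the characters after it in reverse, so a name such as `invoice<RLO>fdp.exe` is shown as `invoiceexe.pdf` while the filesystem and the OS file-type association still see `.exe`. The Python below is an added example written for this page, not code from Nextcloud or the Deck app. It models the rendering only for the simple single-override case (a full implementation of the Unicode bidi algorithm is out of scope), then shows the server-side check and sanitization a file-sharing application can apply to attachment names. The sample filename is constructed.

```python
import unicodedata

# Unicode bidi control characters: explicit embeddings/overrides (U+202A..U+202E),
# isolates (U+2066..U+2069) and the directional marks LRM, RLM, ALM.
BIDI_CONTROLS = frozenset(
    [chr(c) for c in range(0x202A, 0x202F)]
    + [chr(c) for c in range(0x2066, 0x206A)]
    + ["\u200e", "\u200f", "\u061c"]
)
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override


def contains_bidi_control(name: str) -> bool:
    return any(ch in BIDI_CONTROLS for ch in name)


def real_extension(name: str) -> str:
    """Extension as the filesystem and the OS file-type association see it."""
    if "." not in name:
        return ""
    return name.rpartition(".")[2].lower()


def displayed_name(name: str) -> str:
    """Approximate how a bidi-aware UI renders the name: everything after the first RLO
    is drawn right-to-left until a PDF or the end of the string. This is a simplified
    model of the Unicode bidi algorithm, sufficient for the single-override trick."""
    if RLO not in name:
        return name
    head, _, tail = name.partition(RLO)
    overridden, _, rest = tail.partition(PDF)
    return head + overridden[::-1] + rest


def displayed_extension(name: str) -> str:
    """Extension the user believes they are downloading."""
    return real_extension(displayed_name(name))


def sanitize_filename(name: str) -> str:
    """Strip bidi controls and NFC-normalize before storing or displaying a name."""
    cleaned = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return unicodedata.normalize("NFC", cleaned)


def check_attachment(name: str) -> dict:
    """Result an upload/download hook can act on: store the cleaned name and flag
    any mismatch between what is shown and what would be executed."""
    real = real_extension(name)
    shown = displayed_extension(name)
    return {
        "stored_as": sanitize_filename(name),
        "real_extension": real,
        "displayed_extension": shown,
        "spoofed": contains_bidi_control(name) or real != shown,
    }


if __name__ == "__main__":
    # Constructed sample: an executable dressed up as a PDF.
    evil = "invoice" + RLO + "fdp.exe"
    print(repr(evil), "is displayed as", displayed_name(evil))
    print(check_attachment(evil))
```

Rejecting or rewriting names that contain any bidi control is the robust fix; comparing displayed and real extension is a useful second signal because it also surfaces names where the override was placed somewhere the simple model does not cover.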
Source: EUVD | added 2025/11/07 3:02 a.m.

EUVD-2025-37861

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc. While the basename is properly stripped of directory-traversing...

CVSS 8.8 | AI score 6.4 | EPSS 0.00182
Exploits: 0 | References: 3
Source: Positive Technologies | added 2025/10/27 12:00 a.m.

PT-2025-44026

Name of the Vulnerable Software and Affected Versions: Pi-hole Admin Interface versions prior to 6.3. Description: The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, contains a Carriage Return Line Feed (CRLF) injection flaw...

CVSS 8.2 | AI score 6.8 | EPSS 0.00108
Exploits: 1 | References: 4
Source: Github Security Blog | added 2025/10/16 6:12 p.m.

bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)

Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...

CVSS 6.9 | AI score 7 | EPSS 0.00036
Exploits: 1 | References: 4 | Affected software: 1
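
Three records above are upload-validation failures of one family: ChurchCRM (CVE-2025-68109) accepted a web shell and then a `.htaccess` file, CMSimple (CVE-2024-58280) let an authenticated user add `php` to the extension allowlist, and Bagisto accepted an HTML file that executed script when viewed. The Python below is an added example written for this page, not code from any of those projects. It shows the checks a hardened upload handler applies: an allowlist fixed in code rather than in user-editable configuration, rejection of dotfiles and of server-interpreted extensions in any position of the name (so `shell.php.png` fails too), magic-byte verification of the body, and a server-chosen storage name. The sample payloads are constructed.

```python
import os
import secrets
from typing import Tuple

# Fixed allowlist: extension -> acceptable leading magic bytes. Hard-coded on purpose;
# CMSimple's flaw was an extension list (Extensionsuserfiles) a logged-in user could edit.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Extensions a web server or browser would interpret. Rejected in ANY position of the
# name, so shell.php.png and shell.phtml fail, not just shell.php.
SERVER_INTERPRETED = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "pht",
    "htaccess", "htpasswd", "ini", "html", "htm", "xhtml", "shtml", "svg", "js",
}


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, detail). The client's name and Content-Type are never trusted;
    detail is the validated extension on success, the rejection reason otherwise."""
    # Drop any directory component, including Windows-style separators.
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False, "empty name or dotfile (e.g. .htaccess) rejected"
    parts = name.lower().split(".")
    if len(parts) < 2:
        return False, "no extension"
    if any(p in SERVER_INTERPRETED for p in parts[1:]):
        return False, "server-interpreted extension in name: " + name
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return False, "extension not in allowlist: " + ext
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "file content does not match ." + ext
    return True, ext


def stored_name(ext: str) -> str:
    """Server-chosen on-disk name: random token plus the validated extension. The
    client's original name is kept as metadata only and never touches the filesystem."""
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed samples mirroring the three advisories above.
    samples = [
        ("shell.php", b"<?php system($_GET['c']); ?>"),              # ChurchCRM: web shell
        (".htaccess", b"AddType application/x-httpd-php .png\n"),     # ChurchCRM: re-enable PHP
        ("shell.php.png", b"\x89PNG\r\n\x1a\n<?php phpinfo(); ?>"),  # CMSimple: extension games
        ("page.html", b"<script>alert(document.cookie)</script>"),   # Bagisto: HTML upload
        ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),         # legitimate image
    ]
    for fname, body in samples:
        ok, detail = validate_upload(fname, body)
        print(f"{fname:15} -> {'ACCEPT' if ok else 'REJECT'}: {detail}")
```

The magic-byte check does not defeat polyglots (a valid PNG header with PHP appended), so the remaining defence is deployment: the upload directory must have script execution disabled and, on Apache, `AllowOverride None` so an uploaded `.htaccess` cannot re-enable it; user content should be served with `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment` (or from a separate origin) so an HTML polyglot is downloaded rather than rendered in the admin's browser.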
Source: Snyk | added 2025/10/07 12:31 a.m.

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...

CVSS 5.4 | AI score 7 | EPSS 0.00033
Exploits: 0 | References: 2
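
The Snyk record describes attacker-controlled input reaching a Content-Disposition header, and the Pi-hole record above (PT-2025-44026) is a CRLF injection of the same kind: a bare CR LF in a header value ends that header, and whatever follows is parsed as further headers or as the response body. The Python below is an added example written for this page, not code from either project (the Snyk record does not name the affected package). It contrasts the concatenation pattern with a builder that strips control characters, fixes the extension server-side, quotes the value and adds an RFC 5987 `filename*` parameter for non-ASCII names. The sample name is constructed.

```python
import re
from urllib.parse import quote

# C0 control characters and DEL: none may appear in a header value. CR and LF are the
# ones that split the response; the others are rejected on the same principle.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")
# For the filename itself also drop the quoted-string escapes (" and \), the path
# separator, and the dot, so the caller cannot smuggle in an extension of its own.
_FORBIDDEN = re.compile(r'[\x00-\x1f\x7f"\\/.]')


def vulnerable_header(user_name: str) -> str:
    """The pattern the advisory describes: client input concatenated into a header.
    A name containing CR LF terminates this header and injects whatever follows."""
    return "Content-Disposition: attachment; filename=" + user_name + ".vcf"


def header_value_is_safe(value: str) -> bool:
    """Generic last-line check for any header built from untrusted input."""
    return _CTRL.search(value) is None


def safe_content_disposition(user_name: str, ext: str = "vcf") -> str:
    """Build the header so the client controls neither line structure nor extension.
    `ext` is chosen by the application, never taken from the request."""
    stem = _FORBIDDEN.sub("_", user_name).strip() or "download"
    # filename= must stay ASCII; non-ASCII names additionally get RFC 5987 filename*.
    ascii_stem = stem.encode("ascii", "ignore").decode().strip() or "download"
    value = f'attachment; filename="{ascii_stem}.{ext}"'
    if not stem.isascii():
        value += f"; filename*=UTF-8''{quote(stem + '.' + ext, safe='')}"
    if not header_value_is_safe(value):  # unreachable after the substitution; kept as a guard
        raise ValueError("control character in header value")
    return "Content-Disposition: " + value


if __name__ == "__main__":
    # Constructed attacker input: closes the header and injects a cookie and a body.
    evil = "card\r\nSet-Cookie: session=attacker\r\n\r\n<html>injected</html>"
    print(repr(vulnerable_header(evil)))
    print(repr(safe_content_disposition(evil)))
    print(safe_content_disposition("résumé"))
```

Many frameworks now reject CR or LF in header values, but the behaviour differs between servers and versions, so the check belongs in the code that builds the header rather than being left to the transport layer.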
Source: EUVD | added 2025/10/07 12:30 a.m.

EUVD-2006-0702

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.03373
Exploits: 0 | References: 6
Source: EUVD | added 2025/10/07 12:30 a.m.

EUVD-2019-6592

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00237
Exploits: 0 | References: 2
Source: EUVD | added 2025/10/07 12:30 a.m.

EUVD-2006-2249

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00572
Exploits: 0 | References: 8
Source: EUVD | added 2025/10/07 12:30 a.m.

EUVD-2018-10410

Malware in sbrugna...

CVSS 4.8 | AI score 5.5 | EPSS 0.00179
Exploits: 1 | References: 2
Source: EUVD | added 2025/10/07 12:30 a.m.

EUVD-2013-5018

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.00255
Exploits: 0 | References: 3