314 matches found

Nuclei
added yesterday, 19 views

WordPress Candidate Application Form <= 1.3 - Local File Inclusion

WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form <= 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...

CVSS 7.5 | AI score 7.3 | EPSS 0.08833
Exploits: 1 | References: 5

Positive Technologies
added 2026/06/16 12:0 a.m., 14 views

PT-2026-50128

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 8.5.1; Rocket.Chat versions prior to 8.4.4; Rocket.Chat versions prior to 8.3.6; Rocket.Chat versions prior to 8.2.6; Rocket.Chat versions prior to 8.1.6; Rocket.Chat versions prior to 8.0.7; Rocket.Chat versions prior ...

CVSS 9.3 | AI score 7.3 | EPSS 0.00304
Exploits: 0 | References: 4

CVE
added 2026/06/15 12:0 a.m., 12 views

CVE-2025-68713

Rakuten Send Anywhere for Android (com.estmob.android.sendanywhere, version 23.2.9) is affected. A vulnerability allows untrusted applications with no permissions to trigger arbitrary file downloads into the app’s scoped storage, with downloaded items appearing in the app’s trusted Received inter...

CVSS 8 | AI score 6.1 | EPSS 0.00284
Exploits: 0 | References: 1

EUVD
added 2026/04/08 6:23 p.m., 3 views

EUVD-2026-20572

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

CVSS 6.3 | AI score 5.9 | EPSS 0.00165
Exploits: 0 | References: 1

CNNVD
added 2026/03/03 12:0 a.m., 2 views

Weintek cMT Security Vulnerability

Weintek cMT is a human-computer interface application developed by Weintek Corporation. Version 2.1.53 of Weintek cMT contains a security vulnerability. This vulnerability stems from improper access control in the downloadwb.cgi component, which may allow unverified attackers to download...

CVSS 7.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 2

CNNVD
added 2026/01/28 12:0 a.m., 3 views

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.13 contained security vulnerabilities. These vulnerabilities stemmed from the Web service component’s ability to allow authenticated remote file...

CVSS 9.9 | AI score 6.1 | EPSS 0.00538
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 11:38 a.m., 5 views

CVE-2003-1335

Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file aka snif before 1.2.5 allows remote attackers to download files from locations above the snif directory...

CVSS 5 | AI score 7.1 | EPSS 0.01549
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:34 a.m., 17 views

CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...

CVSS 7.5 | AI score 7.1 | EPSS 0.01203
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:16 a.m., 6 views

CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...

CVSS 8.8 | AI score 6.7 | EPSS 0.00336
Exploits: 1 | References: 1

Tenable Nessus
added 2025/11/17 12:0 a.m., 3 views

Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.
- Drupal core contains a...

CVSS 5.9 | AI score 7.2 | EPSS 0.00281
Exploits: 0 | References: 9

Tenable Nessus
added 2025/11/17 12:0 a.m., 7 views

Drupal 11.0.x < 11.1.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.
- Drupal core contains a...

CVSS 5.9 | AI score 7.2 | EPSS 0.00281
Exploits: 0 | References: 9

Veracode
added 2025/10/29 1:1 p.m., 6 views

Man-In-The-Middle (MITM)

Dragonfly is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability is due to the scheduler being hardcoded to use the insecure HTTP protocol for downloading tiny files, which allows an attacker to intercept and modify network requests to deliver malicious or altered data...

CVSS 6.9 | AI score 9 | EPSS 0.0013
Exploits: 0 | References: 5 | Affected Software: 2

NVD
added 2025/10/15 9:15 a.m., 16 views

CVE-2025-10312

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3 | EPSS 0.00122
Exploits: 0 | References: 2

Cvelist
added 2025/10/15 8:25 a.m., 8 views

CVE-2025-10312 Theme Importer <= 1.0 - Cross-Site Request Forgery

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3 | EPSS 0.00122
Exploits: 0 | References: 2

EUVD
added 2025/10/15 8:25 a.m., 3 views

EUVD-2025-34550

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3 | AI score 5.3 | EPSS 0.00122
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/09 12:0 a.m., 5 views

PT-2025-41468

Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX) versions 2023.3 and 2024.1. Description: Newforma Info Exchange (NIX) utilizes a hard-coded key for encrypting query parameters. Certain encrypted parameter values can define file paths for download, potentially...

CVSS 6.3 | AI score 6.8 | EPSS 0.00351
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-2784

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.01599
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-16789

Malware in sbrugna...

CVSS 7.8 | AI score 8.7 | EPSS 0.01232
Exploits: 0 | References: 18

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-17878

Malware in sbrugna...

CVSS 6.5 | AI score 7.9 | EPSS 0.0106
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-3128

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.03538
Exploits: 0 | References: 3