
7 matches found

RedhatCVE
added 2026/05/15 7:57 p.m. · 3 views

CVE-2026-45053

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

CVSS 9.1 · AI score 5.8 · EPSS 0.00245
Exploits: 0 · References: 1
NVD
added 2026/03/18 5:16 p.m. · 1 views

CVE-2026-30695

A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVSS 6.1 · EPSS 0.00039
Exploits: 0 · References: 3
Cvelist
added 2026/03/18 12:0 a.m. · 19 views

CVE-2026-30695

A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

EPSS 0.00039
Exploits: 0 · References: 3
ATTACKERKB
added 2026/03/18 12:0 a.m. · 1 views

CVE-2026-30695

A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

AI score 5.8 · EPSS 0.00039
Exploits: 0 · References: 4
Positive Technologies
added 2024/09/17 12:0 a.m. · 1 views

PT-2024-31969 · Frog Cms · Frog Cms

Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5
Description: A Cross-Site Request Forgery (CSRF) issue was discovered in FrogCMS. The vulnerability can be exploited via the "/admin/?/plugin/file manager/create directory" endpoint. This allows an attacker to perform...

CVSS 8.8 · AI score 6.4 · EPSS 0.00135
Exploits: 1 · References: 8
Positive Technologies
added 2024/01/19 12:0 a.m. · 2 views

PT-2024-14334 · Actidata · Actinas Sl 2U-8 Rdx

Name of the Vulnerable Software and Affected Versions: actidata actiNAS SL 2U-8 RDX version 3.2.03-SP1
Description: A Site-wide directory listing issue in the /fm endpoint allows remote attackers to list the files hosted by the web application. This issue enables attackers to gain unauthorized...

CVSS 7.5 · AI score 7.7 · EPSS 0.0018
Exploits: 1 · References: 6
Positive Technologies
added 2019/05/21 12:0 a.m. · 2 views

PT-2019-12689 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.747
Description: A cross-site scripting (XSS) issue was found in the CentOS Web Panel. The issue is related to the fm current dir or filename parameter in the testacc/fileManager2.php endpoint...

CVSS 5.4 · AI score 5.2 · EPSS 0.00206
Exploits: 1 · References: 2