25017 matches found

CVE
added 2026/04/20 12:0 a.m., 5 views

CVE-2026-39112

CVE-2026-39112: Cross-Site Scripting in Apartment Visitors Management System V1.1. The vulnerability is in the visname parameter of visitors-form.php; an authenticated attacker can inject arbitrary JavaScript that executes when viewing the input in manage-newvisitors.php or visitor-detail.php. E...

CVSS 5.4, AI score 5.9, EPSS 0.00165
Exploits 0, References 3

NVD
added 2026/04/19 11:16 p.m., 8 views

CVE-2026-6581

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now...

CVSS 9, EPSS 0.00445
Exploits 0, References 4

EUVD
added 2026/04/19 9:30 a.m., 5 views

EUVD-2026-23690

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 9, AI score 7.7, EPSS 0.00481
Exploits 0, References 5

NVD
added 2026/04/19 9:16 a.m., 4 views

CVE-2026-6563

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 9, EPSS 0.00481
Exploits 0, References 4

CNNVD
added 2026/04/19 12:0 a.m., 7 views

H3C Magic B0 security vulnerability

H3C Magic B0 is a small wireless router produced by H3C Corporation. Versions of H3C Magic B0 including the 100R002 model had security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters in the file /goform/aspForm, which could lead to buffer overflows...

CVSS 9, AI score 7.5, EPSS 0.00481
Exploits 0, References 2

GithubExploit
added 2026/04/18 7:39 p.m., 161 views

Exploit for CVE-2026-4257

⚡ WordPress - Contact Form 7 - Unauthenticated SSTI To Remote...

CVSS 9.8, AI score 6.5, EPSS 0.41475
Exploits 7

OSSF Malicious Packages
added 2026/04/18 7:33 a.m., 9 views

Malicious code in react-hook-form (npm)

Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...

AI score 5.7
Exploits 0, References 1

OSV
added 2026/04/18 7:33 a.m., 18 views

MAL-2026-2853 Malicious code in react-hook-form (npm)

Source: amazon-inspector 17ae372e5061ef357237d48a7812ca65bbc3a49b8a57153df5812d17e9d8eeaa The package react-hook-form was found to contain malicious code. Source: ghsa-malware 5aa9ba7a4ea0b89453bdd073b8ffb80b6e3baab6684d5652a1e898c2bacb5a6...

AI score 5.7
Exploits 0, References 1

CNNVD
added 2026/04/18 12:0 a.m., 9 views

python-multipart security vulnerability

Python-Multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of Python-Multipart prior to 0.0.26 contained security vulnerabilities. These vulnerabilities occurred when parsing specially crafted multipart/form-data requests, where large leading or...

CVSS 5.3, AI score 5.8, EPSS 0.00351
Exploits 0, References 1

Positive Technologies
added 2026/04/18 12:0 a.m., 8 views

PT-2026-37109

Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.6.1. Description: The bazar module contains a SQL injection flaw in the tools/bazar/services/EntryManager.php file. The issue occurs because the id_fiche value, sourced from the $_POST['id_fiche'] variable, is...

CVSS 8.8, AI score 6.1, EPSS 0.00342
Exploits 0, References 5

EUVD
added 2026/04/17 10:31 p.m., 8 views

EUVD-2026-23575

Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and...

CVSS 5.4, AI score 5.7, EPSS 0.00207
Exploits 1, References 2

ATTACKERKB
added 2026/04/17 10:31 p.m., 4 views

CVE-2026-40479

Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and...

CVSS 5.4, AI score 5.7, EPSS 0.00207
Exploits 1, References 3, Affected Software 1

EUVD
added 2026/04/17 6:31 p.m., 19 views

EUVD-2026-23459

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1, AI score 6.2, EPSS 0.04175
Exploits 3, References 7

EUVD
added 2026/04/17 6:31 p.m., 3 views

EUVD-2026-23458

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile POST values as the source of truth for email attachment...

CVSS 7.5, AI score 5.8, EPSS 0.0069
Exploits 0, References 6

NVD
added 2026/04/17 6:16 p.m., 15 views

CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1, EPSS 0.04175
Exploits 3, References 7

ATTACKERKB
added 2026/04/17 5:25 p.m., 4 views

CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1, AI score 6.2, EPSS 0.04175
Exploits 3, References 9

Cvelist
added 2026/04/17 5:25 p.m., 51 views

CVE-2026-5718 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1, EPSS 0.04175
Exploits 3, References 7

CVE
added 2026/04/17 5:25 p.m., 41 views

CVE-2026-5718

CVE-2026-5718 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (CF7) up to version 1.3.9.6, with a remote code execution risk due to two independent logic flaws: (1) a blacklist-type bypass where a custom blacklist replaces rather than merges with the default dan...

CVSS 8.1, AI score 6.2, EPSS 0.04175
In wild, Exploits 3, References 7

Vulnrichment
added 2026/04/17 5:25 p.m., 3 views

CVE-2026-5718 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1, AI score 6.2, EPSS 0.04175
Exploits 3, References 7

ATTACKERKB
added 2026/04/17 5:25 p.m., 4 views

CVE-2026-5710

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile POST values as the source of truth for email attachment...

CVSS 7.5, AI score 5.8, EPSS 0.0069
Exploits 0, References 6