Lucene search

903 matches found

RedhatCVE
added 2025/07/20 7:0 p.m. · 11 views

CVE-2025-7800

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting...

CVSS 5.1 · AI score 3.9 · EPSS 0.00227
Exploits: 0 · References: 1

NVD
added 2025/07/18 7:15 p.m. · 5 views

CVE-2025-7800

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting...

CVSS 5.1 · EPSS 0.00227
Exploits: 0 · References: 3

CVE
added 2025/07/18 6:32 p.m. · 13 views

CVE-2025-7800

CVE-2025-7800 affects cgpandey hotelmis (admin.php) with a vulnerability in the HTTP GET Request Handler: manipulation of the Search parameter enables cross-site scripting. The issue is exploitable remotely and is tied to versions prior to c572198e6c4780fccc63b1d3e8f3f72f825fc94e6. PT-Security no...

CVSS 5.1 · AI score 3.9 · EPSS 0.00227
Exploits: 0 · References: 3

Cvelist
added 2025/07/18 6:32 p.m. · 9 views

CVE-2025-7800 cgpandey hotelmis HTTP GET Request admin.php cross site scripting

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting...

CVSS 5.1 · EPSS 0.00227
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/16 12:0 a.m. · 2 views

PT-2025-29888 · Unknown · Rips Scanner

Name of the Vulnerable Software and Affected Versions: RIPS Scanner version 0.54 Description: A path traversal vulnerability exists that allows remote attackers to read arbitrary files on the system with the privileges of the web server. This is achieved by sending crafted HTTP GET requests to th...

CVSS 8.7 · AI score 6.5 · EPSS 0.01461
Exploits: 0 · References: 10

RedhatCVE
added 2025/07/09 5:3 p.m. · 4 views

CVE-2025-53531

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...

CVSS 8.7 · AI score 6.2 · EPSS 0.00392
Exploits: 1 · References: 1

NVD
added 2025/07/07 5:15 p.m. · 6 views

CVE-2025-53531

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...

CVSS 8.7 · EPSS 0.00392
Exploits: 1 · References: 1

OSV
added 2025/07/07 5:0 p.m. · 5 views

CVE-2025-53530 WeGIA allows Uncontrolled Resource Consumption via the errorstr parameter

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to...

CVSS 8.7 · AI score 6.6 · EPSS 0.00392
Exploits: 1 · References: 3

NVD
added 2025/07/03 8:15 p.m. · 5 views

CVE-2025-34086

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...

CVSS 8.8 · EPSS 0.02148
Exploits: 1 · References: 6

NVD
added 2025/06/26 4:15 p.m. · 4 views

CVE-2025-34044

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...

CVSS 9.4 · EPSS 0.04597
Exploits: 0 · References: 6

RedhatCVE
added 2025/06/13 6:15 p.m. · 4 views

CVE-2025-49150

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · AI score 5.8 · EPSS 0.00321
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/12 12:0 a.m. · 4 views

CVE-2025-46035

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint...

AI score 7.3 · EPSS 0.00716
Exploits: 1 · References: 3

CVE
added 2025/06/12 12:0 a.m. · 43 views

CVE-2025-46035

CVE-2025-46035 outlines a buffer overflow in the Tenda AC6 router (v15.03.05.16) triggered by oversized schedStartTime and schedEndTime values in an unauthenticated HTTP GET to /goform/openSchedWifi, leading to a denial of service. Affected product is Tenda AC6; the issue stems from inadequate in...

CVSS 7.5 · AI score 7.3 · EPSS 0.00716
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2025/06/11 6:15 p.m. · 10 views

CVE-2025-49150

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · EPSS 0.00321
Exploits: 0 · References: 1

Cvelist
added 2025/06/11 5:49 p.m. · 19 views

CVE-2025-49150 Cursor Agent Potentially Leaks Information using JSON schema

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · EPSS 0.00321
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/11 5:49 p.m. · 8 views

CVE-2025-49150 Cursor Agent Potentially Leaks Information using JSON schema

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · AI score 7.5 · EPSS 0.00321
Exploits: 0 · References: 1

CVE
added 2025/06/11 5:49 p.m. · 47 views

CVE-2025-49150

Cursor is vulnerable prior to version 0.51.0 due to json.schemaDownload.enable being True by default. When a JSON file is written, an attacker can trigger an arbitrary HTTP GET request without user confirmation, and because the Cursor Agent can edit JSON files, this can enable data exfiltration i...

CVSS 5.9 · AI score 7.5 · EPSS 0.00321
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/11 12:0 a.m. · 4 views

PT-2025-25236 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 0.51.0 Description: The issue allows an attacker to trigger an arbitrary HTTP GET request without user confirmation by writing a JSON file. This could potentially be used to exfiltrate data if a malicious agent gains...

CVSS 5.9 · AI score 6.8 · EPSS 0.00321
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/31 12:47 p.m. · 11 views

CVE-2025-48046

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint...

CVSS 5.3 · AI score 7.2 · EPSS 0.00479
Exploits: 0 · References: 1

NVD
added 2025/05/29 1:15 p.m. · 24 views

CVE-2025-48046

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint...

CVSS 5.3 · EPSS 0.00479
Exploits: 0 · References: 1