Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21991 matches found

NVD
NVDadded 2026/04/20 4:16 p.m.1 views

CVE-2026-6650

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

5.8CVSS0.00223EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/20 3:0 p.m.3 views

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS5.3AI score0.00244EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/04/20 2:30 p.m.8 views

CVE-2026-6650

Z-BlogPHP 1.7.5 contains a vulnerability in the App::UnPack function of /zb_users/plugin/AppCentre/app_upload.php (ZBA File Handler) that allows unrestricted file upload. Impact is described as unrestricted upload with network/remote initiation; exploitation is publicly available per the CVE entr...

5.8CVSS5.4AI score0.00223EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/20 2:30 p.m.32 views

CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

5.8CVSS0.00223EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/20 2:30 p.m.4 views

CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

5.8CVSS5.4AI score0.00223EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/20 12:32 p.m.3 views

EUVD-2026-23814

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/20 12:32 p.m.3 views

EUVD-2026-23822

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References5
OSV
OSVadded 2026/04/20 12:32 p.m.2 views

GHSA-5PV2-86QJ-5JF9 Cockpit has NoSQL Injection Through Content Aggregation Pipelines

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.3CVSS6.2AI score0.00232EPSS
Exploits0References6
Github Security Blog
Github Security Blogadded 2026/04/20 12:32 p.m.7 views

Cockpit has NoSQL Injection Through Content Aggregation Pipelines

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References6Affected Software1
Snyk
Snykadded 2026/04/20 11:13 a.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the Asset Handler and Aggregate Handler components. An attacker can access, modify, or disrupt sensitive data by injecting specially crafted elements into data query...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References2
NVD
NVDadded 2026/04/20 10:16 a.m.3 views

CVE-2026-6623

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS0.00206EPSS
Exploits0References4
NVD
NVDadded 2026/04/20 10:16 a.m.6 views

CVE-2026-6622

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

4.8CVSS0.00206EPSS
Exploits0References4
NVD
NVDadded 2026/04/20 10:16 a.m.2 views

CVE-2026-6626

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS0.00232EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/20 9:45 a.m.31 views

CVE-2026-6626 Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS0.00232EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/20 9:45 a.m.3 views

CVE-2026-6626

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/20 9:45 a.m.1 views

CVE-2026-6626 Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References4
CVE
CVEadded 2026/04/20 9:45 a.m.6 views

CVE-2026-6626

Technical details are not publicly provided in the supplied documents. The CVE affects Cockpit-HQ Cockpit up to 2.13.5 (Asset Handler/Aggregate Handler data query logic); remote exploit claimed. Monitor for updates.

6.5CVSS6.2AI score0.00232EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/20 9:0 a.m.30 views

CVE-2026-6623 BichitroGan ISP Billing Software Profile users-view cross site scripting

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/20 9:0 a.m.2 views

CVE-2026-6623

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/04/20 9:0 a.m.8 views

CVE-2026-6623

CVE-2026-6623 affects BichitroGan ISP Billing Software 2025.3.20. The issue is a cross-site scripting vulnerability in the Profile Page Handler, triggered by manipulating the file path /?_route=settings/users-view/. The attack could be carried out remotely, with the CVSS indicating network access...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References4
Rows per page
Query Builder