Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Cvelist
Cvelistadded 2026/06/06 9:15 a.m.38 views

CVE-2026-11406 GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.0123EPSS
Exploits0References6
CVE
CVEadded 2026/06/06 9:15 a.m.30 views

CVE-2026-11406

GL.iNet MT3000 (up to firmware 4.4.5) is affected by a command-injection vulnerability in the ovpnclient.sh component of the OpenVPN Client Import Workflow. Remote exploitation is possible; exploit details have been publicly disclosed. Upgrading to 4.9.0_beta3-1012-0513-1778656146 resolves the is...

6.5CVSS6.3AI score0.0123EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/06/06 12:0 a.m.6 views

GL.iNet MT3000 命令注入漏洞

The GL.iNet MT3000 is a portable router from the company GL.iNet, which uses the Wi-Fi 6 protocol. Versions of GL.iNet MT3000 prior to 4.4.5 have a command injection vulnerability. This vulnerability stems from the OpenVPN client’s import workflow, where the ovpnclient.sh file contains a command...

6.5CVSS6.5AI score0.0123EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/04 1:5 p.m.8 views

EUVD-2026-34259

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

5.1CVSS5.8AI score0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/21 12:46 p.m.4 views

CVE-2019-25553

CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during t...

6.9CVSS6AI score0.00169EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2025/11/20 12:0 a.m.8 views

CVE-2025-64027

Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...

0.00215EPSS
Exploits2References2
OSV
OSVadded 2020/12/14 8:15 p.m.3 views

CVE-2020-29304

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

6.1CVSS6.2AI score0.05508EPSS
Exploits3References4
Prion
Prionadded 2020/12/14 8:15 p.m.15 views

Cross site scripting

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

4.3CVSS5.9AI score0.05508EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder