Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

53169 matches found

EUVD
EUVDadded 2026/05/10 3:31 p.m.5 views

EUVD-2022-55983

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS5.7AI score0.00042EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/10 3:31 p.m.4 views

EUVD-2021-34800

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

8.8CVSS6.7AI score0.00368EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/10 3:31 p.m.2 views

EUVD-2021-34799

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the satcode parameter. Attackers can authenticate, submit a POST request to...

8.8CVSS6.6AI score0.0027EPSS
Exploits0References5
Snyk
Snykadded 2026/05/10 2:19 p.m.5 views

Arbitrary Code Injection

Overview evolutioncms/evolution is an Evolution CMS is a Content Management System, ex MODX Evolution Affected versions of this package are vulnerable to Arbitrary Code Injection via the post parameter in the module creation process. An attacker can execute arbitrary system commands by injecting...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
NVD
NVDadded 2026/05/10 1:16 p.m.9 views

CVE-2022-50967

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET request...

6.1CVSS0.00042EPSS
Exploits0References4
NVD
NVDadded 2026/05/10 1:16 p.m.4 views

CVE-2022-50966

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS0.00042EPSS
Exploits0References4
NVD
NVDadded 2026/05/10 1:16 p.m.7 views

CVE-2022-50963

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS0.00042EPSS
Exploits0References4
NVD
NVDadded 2026/05/10 1:16 p.m.7 views

CVE-2022-50962

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS0.00042EPSS
Exploits0References4
NVD
NVDadded 2026/05/10 1:16 p.m.7 views

CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

8.8CVSS0.00368EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/10 12:43 p.m.3 views

CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

8.8CVSS6.7AI score0.00368EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/10 12:43 p.m.6 views

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

8.8CVSS6.7AI score0.00368EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/10 12:43 p.m.24 views

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

8.8CVSS0.00368EPSS
Exploits0References4
CVE
CVEadded 2026/05/10 12:43 p.m.6 views

CVE-2021-47939

Evolution CMS 3.1.6 is affected by an authenticated remote code execution vulnerability. Attackers with module-creation permissions can inject PHP code into module parameters and trigger execution by sending POST requests to /manager/index.php with malicious code in the post parameter. This can l...

8.8CVSS6.7AI score0.00368EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/10 12:13 p.m.3 views

CVE-2022-50968 uBidAuction 2.0.1 auctions manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS5.7AI score0.00042EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/10 12:12 p.m.3 views

CVE-2022-50966

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS5.7AI score0.00042EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/10 12:12 p.m.6 views

CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS5.7AI score0.00042EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/10 12:12 p.m.28 views

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS0.00042EPSS
Exploits0References4
CVE
CVEadded 2026/05/10 12:12 p.m.7 views

CVE-2022-50965

CVE-2022-50965 affects uBidAuction 2.0.1, specifically the posts/manage module. The vulnerability is a reflected cross-site scripting flaw where the filter functionality fails to sanitize the date_created, date_from, date_to, and created_at parameters, allowing an attacker to inject malicious scr...

6.1CVSS5.7AI score0.00042EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/10 12:12 p.m.28 views

CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS0.00042EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/10 12:12 p.m.2 views

CVE-2022-50963

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00042EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder