Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

810 matches found

Nuclei
Nucleiadded 3 days ago21 views

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

9CVSS7.4AI score0.91365EPSS
Exploits4References5
OSV
OSVadded 2026/02/05 5:16 p.m.1 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

9.8CVSS6.6AI score
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/05 4:13 p.m.3 views

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS5.5AI score0.00014EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/02/05 4:13 p.m.25 views

CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS0.00014EPSS
Exploits0References3
EUVD
EUVDadded 2026/02/05 4:13 p.m.2 views

EUVD-2020-31043

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS5.5AI score0.00014EPSS
Exploits0References3
CVE
CVEadded 2026/02/05 4:13 p.m.5 views

CVE-2020-37137

CVE-2020-37137 affects PHP-Fusion 9.03.50. The vulnerability is a remote code execution in the add_panel_form() path where eval() executes unsanitized POST data (panel_content) sent to the panels.php admin endpoint. This can enable arbitrary code execution by an attacker who crafts panel_content ...

9.8CVSS6.7AI score0.00035EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/05 4:13 p.m.1 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00035EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/02/05 4:13 p.m.23 views

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS0.00035EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/02/05 4:13 p.m.4 views

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00035EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/02/05 12:0 a.m.4 views

PT-2026-6580

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...

8.6CVSS6.7AI score0.00035EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/01/09 9:56 a.m.5 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

5.4CVSS5.9AI score0.00281EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:55 a.m.7 views

CVE-2020-12708

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...

6.1CVSS6.3AI score0.0079EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:55 a.m.5 views

CVE-2020-12461

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sortorder GET parameter on the members.php members search page. This parameter allows for control over anything after the...

8.8CVSS8.1AI score0.00164EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:54 a.m.4 views

CVE-2020-23184

A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...

5.4CVSS5.4AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:28 a.m.2 views

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

9CVSS7.7AI score0.45961EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2009-0828

Malware in sbrugna...

6CVSS6.4AI score0.00539EPSS
Exploits1References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2007-1972

Malware in sbrugna...

7.5CVSS6.4AI score0.01347EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2010-4756

Malware in sbrugna...

7.5CVSS6.4AI score0.01135EPSS
Exploits1References7
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2020-7169

Malware in sbrugna...

4.8CVSS5.2AI score0.00235EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2020-15937

Malware in sbrugna...

5.4CVSS5.5AI score0.00481EPSS
Exploits1References2
Rows per page
Query Builder