Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

812 matches found

Nuclei
Nucleiadded yesterday24 views

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

9CVSS8AI score0.67516EPSS
Exploits4References5
OSV
OSVadded 2026/02/05 5:16 p.m.4 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

9.8CVSS6.6AI score
Exploits0References3
Cvelist
Cvelistadded 2026/02/05 4:13 p.m.29 views

CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS0.00246EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/05 4:13 p.m.5 views

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS5.5AI score0.00246EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/02/05 4:13 p.m.5 views

EUVD-2020-31043

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

5.1CVSS5.5AI score0.00246EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/05 4:13 p.m.28 views

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS0.00541EPSS
Exploits1References3
CVE
CVEadded 2026/02/05 4:13 p.m.7 views

CVE-2020-37137

CVE-2020-37137 affects PHP-Fusion 9.03.50. The vulnerability is a remote code execution in the add_panel_form() path where eval() executes unsanitized POST data (panel_content) sent to the panels.php admin endpoint. This can enable arbitrary code execution by an attacker who crafts panel_content ...

9.8CVSS6.7AI score0.00541EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/05 4:13 p.m.2 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/05 4:13 p.m.5 views

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/02/05 12:0 a.m.6 views

PT-2026-6580

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/01/09 9:56 a.m.7 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

5.4CVSS5.9AI score0.00582EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:55 a.m.10 views

CVE-2020-12708

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...

6.1CVSS6.3AI score0.01628EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:55 a.m.8 views

CVE-2020-12461

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sortorder GET parameter on the members.php members search page. This parameter allows for control over anything after the...

8.8CVSS8.1AI score0.01699EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:54 a.m.7 views

CVE-2020-23184

A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...

5.4CVSS5.4AI score0.00447EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:28 a.m.5 views

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

9CVSS7.7AI score0.17512EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2009-3102

Malware in sbrugna...

7.5CVSS6.4AI score0.00993EPSS
Exploits1References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-16495

Malware in sbrugna...

9.6CVSS9.3AI score0.0155EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2020-15935

Malware in sbrugna...

5.4CVSS5.5AI score0.00518EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2020-15938

Malware in sbrugna...

5.4CVSS5.5AI score0.00447EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-9402

Malware in sbrugna...

6.1CVSS6.3AI score0.008EPSS
Exploits1References2
Rows per page
Query Builder