Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

76 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:17 a.m.4 views

CVE-2025-23044

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

8.1CVSS6.9AI score0.00297EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2021-18484

Malware in sbrugna...

9CVSS8.7AI score0.01493EPSS
Exploits1References8
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-46984

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00165EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-6021

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00828EPSS
Exploits1References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-46985

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00165EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-52836

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00505EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/23 7:40 a.m.5 views

CVE-2024-55653

PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a UnhandledPromiseRejection on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the...

6.5CVSS6.7AI score0.00505EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/23 12:18 a.m.10 views

CVE-2022-45771

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...

8.8CVSS7.8AI score0.3031EPSS
Exploits3References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:59 p.m.6 views

CVE-2022-44022

PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts...

5.3CVSS7.2AI score0.00165EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:52 p.m.1 views

CVE-2021-31590

PwnDoc all versions until 0.4.0 2021-08-23 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user" privilege. Even after a...

9CVSS7.2AI score0.01493EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/03/02 9:19 p.m.12 views

CVE-2025-27410

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

6.5CVSS8.3AI score0.16504EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/03/02 9:18 p.m.7 views

CVE-2025-27413

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS7.5AI score0.00828EPSS
Exploits1References1
NVD
NVDadded 2025/02/28 9:15 p.m.6 views

CVE-2025-27410

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

6.5CVSS0.16504EPSS
Exploits1References4
NVD
NVDadded 2025/02/28 9:15 p.m.7 views

CVE-2025-27413

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS0.00828EPSS
Exploits1References6
Cvelist
Cvelistadded 2025/02/28 9:2 p.m.7 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS0.00828EPSS
Exploits1References6
OSV
OSVadded 2025/02/28 9:2 p.m.7 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS7.3AI score0.00828EPSS
Exploits1References8
CVE
CVEadded 2025/02/28 9:2 p.m.53 views

CVE-2025-27413

Summary of CVE-2025-27413 (PwnDoc) : Prior to version 1.2.0, PwnDoc’s backup restore functionality accepts raw data containing Path Traversal sequences (../). The template update process uses the database path to write content, which can overwrite source code and enable Remote Code Execution (RCE...

6.5CVSS7.6AI score0.00828EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichmentadded 2025/02/28 9:2 p.m.6 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS6.8AI score0.00828EPSS
Exploits1References6
Cvelist
Cvelistadded 2025/02/28 9:0 p.m.27 views

CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

6.5CVSS0.16504EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2025/02/28 9:0 p.m.9 views

CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

6.5CVSS7.2AI score0.16504EPSS
Exploits1References4
Rows per page
Query Builder