11 matches found
BaoTa SQL Injection Vulnerability
BaoTa is a Linux Ops panel by an individual developer at aapanel.com. A SQL injection vulnerability exists in BaoTa version 11.1.0 and earlier, which stems from incorrect manipulation of the parameter Name in the file /database?action=GetDatabaseAccess, which could lead to a SQL injection attack...
EUVD-2020-3359
Malware in sbrugna...
CVE-2025-52046
Totolink A3300R V17.0.0cu.596B20250515 was found to contain a command injection vulnerability in the sub4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...
PT-2025-17583 · Labvantage · Labvantage
Name of the Vulnerable Software and Affected Versions: LabVantage versions prior to 8.8.0.13 HF6 Description: The issue allows local file inclusion, enabling authenticated users to retrieve arbitrary files from the environment. This is achieved via the objectname request parameter. Recommendation...
PT-2024-14504 · Examsys · Examsys
Name of the Vulnerable Software and Affected Versions: ExamSys version 9150244 Description: The issue allows SQL Injection via the "/Support/action/Pages.php" endpoint, specifically through the s score2 parameter. This enables potential attackers to inject malicious SQL code, which could lead to...
MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP...
SQL Injection
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to SQL Injection via the mc_project_get_users function. An attacker can manipulate SQL queries and access or alter database information without proper authorization by injecting malicious SQL command...
Gryphon Tower Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of validation and filtering of user-supplied data and output data in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...
Mantis Bug Tracker 2.24.3 SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
MantisBT SQL Injection Vulnerability (CNVD-2021-01533)
MantisBT is a lightweight, free and open source, web-based defect tracking system. A SQL injection vulnerability exists in the "access" parameter of the mc_project_get_users function in MantisBT 2.24.3. An attacker can exploit this vulnerability via API SOAP to conduct SQL injection attacks...
Flash Player (Flash6.ocx) Denial Of Service
PARAM NAME="AllowScriptAccess"...