Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

86959 matches found

EUVD
EUVDadded 2026/04/29 7:24 p.m.5 views

EUVD-2018-21839

Tenda FH303/A300 firmware V5.07.68EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

9.8CVSS5.2AI score0.00651EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/29 7:24 p.m.29 views

CVE-2018-25316 Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

9.8CVSS0.00651EPSS
Exploits1References2
NVD
NVDadded 2026/04/29 6:16 p.m.4 views

CVE-2026-7394

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

5.8CVSS0.00244EPSS
Exploits1References5
NVD
NVDadded 2026/04/29 5:16 p.m.4 views

CVE-2026-7393

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS0.00268EPSS
Exploits1References5
CVE
CVEadded 2026/04/29 5:15 p.m.11 views

CVE-2026-7394

SourceCodester Pizzafy Ecommerce System 1.0 is affected by SQL Injection in the admin/view_order.php file via the id GET parameter. The vulnerability arises from insufficient sanitization before using the parameter in a MySQL query. An authenticated administrator can manipulate this parameter to ...

5.8CVSS5AI score0.00244EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/04/29 5:15 p.m.5 views

CVE-2026-7394 SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

5.8CVSS5AI score0.00244EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/04/29 5:0 p.m.3 views

CVE-2026-7393

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/29 5:0 p.m.2 views

CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References5
EUVD
EUVDadded 2026/04/29 5:0 p.m.5 views

EUVD-2026-26265

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References5
Snyk
Snykadded 2026/04/29 4:25 p.m.6 views

Resource Injection

Overview Affected versions of this package are vulnerable to Resource Injection via the logDetailCat function in the Execution Log Handler. An attacker can access unauthorized resources by obtaining a valid logId and sending requests directly to logDetailCat endpoint. Remediation Upgrade...

6.3CVSS5.8AI score0.00418EPSS
Exploits0References2
NVD
NVDadded 2026/04/29 4:16 p.m.6 views

CVE-2026-40230

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

5.4CVSS0.00178EPSS
Exploits1References2
NVD
NVDadded 2026/04/29 4:16 p.m.6 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.4CVSS0.00177EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/29 3:39 p.m.1 views

CVE-2026-40230

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

4.8CVSS5AI score0.00178EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/04/29 3:39 p.m.8 views

CVE-2026-40230

CVE-2026-40230 (Helpy 2.8.0) : A stored cross-site scripting vulnerability exists in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This is tied to Helpy ve...

5.4CVSS5.1AI score0.00178EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/04/29 3:39 p.m.4 views

EUVD-2026-26245

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

4.8CVSS5AI score0.00178EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/29 3:39 p.m.29 views

CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

4.8CVSS0.00178EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/29 3:39 p.m.4 views

CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

4.8CVSS5AI score0.00178EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/29 3:34 p.m.4 views

EUVD-2026-26244

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/29 3:34 p.m.4 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/04/29 3:34 p.m.33 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS0.00177EPSS
Exploits1References2
Rows per page
Query Builder