
8 matches found

RedhatCVE
added 2025/11/25 12:17 a.m., 9 views

CVE-2025-13574

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVSS 7.2 | AI score 6.7 | EPSS 0.00074
Exploits: 1 | References: 1
OSV
added 2025/08/26 2:15 a.m., 2 views

CVE-2025-9438

A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/addstudent.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The...

CVSS 6.1 | AI score 4.2 | EPSS 0.00086
Exploits: 1 | References: 4
CVE
added 2025/08/26 1:32 a.m., 16 views

CVE-2025-9438

CVE-2025-9438 affects 1000projects Online Project Report Submission and Evaluation System version 1.0. The vulnerability is a cross-site scripting flaw triggered by manipulating the address argument in the /admin/add_student.php function/file. It can be exploited remotely, and public exploits hav...

CVSS 6.1 | AI score 6.5 | EPSS 0.00086
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2022/11/28 12:0 a.m., 3 views

BossCMS Cross-Site Request Forgery Vulnerability

Wenzhou Huoyin Information Technology BossCMS is a content management system based on MySQL architecture of self-developed PHP framework by Wenzhou Huoyin Information Technology. A security vulnerability exists in BossCMS v2.0.0, which was discovered through the add function under the administrat...

CVSS 6.5 | AI score 6.3 | EPSS 0.00101
Exploits: 1 | References: 2
OSV
added 2021/06/22 3:15 p.m., 0 views

CVE-2020-18648

Cross Site Request Forgery CSRF in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMSv1.0/admin/index.php?c=administrator&a=add"...

CVSS 8.8 | AI score 7.3 | EPSS 0.00277
Exploits: 1 | References: 2
CNVD
added 2019/01/03 12:0 a.m., 3 views

Ivan Cordoba Generic Content Management System Cross-Site Scripting Vulnerability

Ivan Cordoba Generic Content Management System CMS is a content management system CMS based on MySQL and PHP. A cross-site scripting vulnerability exists in the Administrator/addpictures.php file in Ivan Cordoba Generic CMS on 2018-04-28 and earlier versions, which can be exploited by a remote...

CVSS 4.8 | AI score 6.6 | EPSS 0.00235
Exploits: 0 | References: 1
Packet Storm
added 2016/11/10 12:0 a.m., 40 views

4images 1.7.13 SQL Injection

vulnerable app : 4images query$sql; Input parameter orderby is not sanitized before being passed to the sql query which lead to sql injection flaw POC GET /lab/4images1.7.13/4images/admin/validateimages.php?action=validateimages&orderby=extractvalue1,concat0x7e,version&direction=ASC&limitnumber=1...

AI score 0.3
Exploits: 0
exploitpack
added 2016/11/10 12:0 a.m., 25 views

4Images 1.7.13 - SQL Injection

4Images 1.7.13 - SQL Injection vulnerable app : 4images query$sql; Input parameter orderby is not sanitized before being passed to the sql query which lead to sql injection flaw POC GET...

AI score 0.3
Exploits: 0