
15 matches found

VulnCheck KEV
added 2026/05/14 12:0 a.m. | 29 views

VulnCheck KEV: CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

CVSS 9.8 | AI score 5.8 | EPSS 0.14608
In wild | Exploits 10 | References 5
EUVD
added 2026/03/24 9:31 p.m. | 3 views

EUVD-2026-14955

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVSS 8.7 | AI score 6.1 | EPSS 0.0024
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-1593

Malicious code in bioql PyPI...

CVSS 9 | AI score 8.7 | EPSS 0.00917
Exploits 0 | References 6
RedhatCVE
added 2025/03/23 12:21 a.m. | 19 views

CVE-2024-57490

Guangzhou Hongfan Technology Co., LTD. iOffice20 has an arbitrary user login vulnerability. An attacker can log in to any system account, including the system administrator, through a logical flaw...

CVSS 7.7 | AI score 6.9 | EPSS 0.00398
Exploits 0 | References 1
Github Security Blog
added 2024/05/10 3:29 p.m. | 55 views

Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

CVSS 9.6 | AI score 5.4 | EPSS 0.00963
Exploits 2 | References 4 | Affected Software 1
Cvelist
added 2023/03/08 2:33 p.m. | 43 views

CVE-2022-20929

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...

CVSS 7.8 | AI score 7.7 | EPSS 0.00188
Exploits 0 | References 1
Hacker One
added 2021/09/24 6:47 p.m. | 18 views

Mail.ru: XSS Stored on https://seedr.ru

Site: https://seedr.ru/ OS version: Windows 10 browser: Google chrome Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. I changed my nickname to a code that demonstrates the...

AI score 5.9
Exploits 0
OSV
added 2020/12/11 7:15 p.m. | 5 views

CVE-2020-5948

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...

CVSS 9.6 | AI score 6.8 | EPSS 0.00978
Exploits 0 | References 1
Prion
added 2018/04/17 8:29 p.m. | 33 views

Security feature bypass

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery...

CVSS 5.8 | AI score 8.6 | EPSS 0.01106
Exploits 2 | References 1 | Affected Software 1
OSV
added 2018/04/11 2:29 p.m. | 3 views

CVE-2016-10258

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code...

CVSS 6.8 | AI score 5.9 | EPSS 0.04936
Exploits 2 | References 3
Hacker One
added 2016/07/18 2:39 p.m. | 20 views

Uber: Stored XSS on developer.uber.com via admin account compromise

Hi, Anyone can add themselves as an administrator on the readme.io uber project that powers developer.uber.com/documentation To replicate this, first fetch https://uber.readme.io/inactiveand and grab Uber's project ID from the source: 578cd33dc27ce20e004e397b Then, using this ID, create a normal...

AI score 0.4
Exploits 0
0day.today
added 2012/04/30 12:0 a.m. | 20 views

Opial CMS v2.0 Multiple Vulnerabilities

Exploit for php platform in category web applications Title: ====== Opial CMS v2.0 - Multiple Web Vulnerabilities Introduction: ============= Opial lets you create audio mp3/ram/rm/avi/mpg/wav/ai f or any other format audio/video downloads website, in 10 seconds you will be able to install opial ...

AI score 7.1
Exploits 0
myhack58
added 2011/08/02 12:0 a.m. | 18 views

Oracle 10 & 11g exp.exe 0day stack overflow-vulnerability warning-the black bar safety net

Just being bored, I found an Oracle 11g database, there is a bit of high impact but low likelihood of 0day attacks. The vulnerability is the Oracle export utility on the command line to specify the parameter file inside the “file” field within the analysis. The EXPORT utility as privileged code...

Exploits 0
Packet Storm
added 2000/08/16 12:0 a.m. | 30 views

ie5-msn.exec.txt

Georgi Guninski security advisory 18, 2000 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking...

Exploits 0
securityvulns
added 2000/08/15 12:0 a.m. | 50 views

local Administrator compromise at least on default Windows 2000

Georgi Guninski security advisory 18, 2000 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000. Systems affected: For remote file execution: IE 5.5,5.x/Windows 98, the files must be...

AI score 0.4
Exploits 0