Lucene search

8 matches found

EUVD
added 2025/10/03 8:07 p.m. | views: 1

EUVD-2022-3625

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.0032
Exploits: 0 | References: 12
OSV
added 2024/07/10 8:15 p.m. | views: 0

UBUNTU-CVE-2024-37148

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...

CVSS 8.1 | AI score 5.9 | EPSS 0.05259
Exploits: 0 | References: 3
FreeBSD
added 2024/06/03 12:00 a.m. | views: 26

GLPI -- multiple vulnerabilities

GLPI team reports:
GLPI 10.0.16 Changelog
- SECURITY - high: Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)
- SECURITY - high: Remote code execution through the plugin loader (CVE-2024-37149)
- SECURITY - moderate: Authenticated file upload to restricted tickets (CVE-2024-37147)...

CVSS 8.8 | AI score 9 | EPSS 0.13049
Exploits: 1 | References: 4
OSV
added 2022/05/13 1:12 a.m. | views: 16

GHSA-CRCQ-PW8H-9XWF Moodle does not provide charset information in HTTP headers

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts...

CVSS 4.3 | AI score 5.5 | EPSS 0.0032
Exploits: 0 | References: 11
Prion
added 2014/11/24 11:59 a.m. | views: 11

Cross site scripting

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts...

CVSS 4.3 | AI score 6 | EPSS 0.0032
Exploits: 0 | References: 5 | Affected Software: 1
UbuntuCve
added 2014/11/24 11:59 a.m. | views: 24

CVE-2014-9059

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts...

CVSS 4.3 | AI score 5.9 | EPSS 0.0032
Exploits: 0 | References: 2
CVE
added 2014/11/24 11:00 a.m. | views: 50

CVE-2014-9059

CVE-2014-9059 affects Moodle builds up to 2.7.3 (and older 2.4.x–2.6.x ranges shown in sources). The vulnerability is that lib/setup.php does not emit charset information in HTTP headers, which could allow remote attackers to perform cross-site scripting (XSS) using UTF-7 characters during intera...

CVSS 4.3 | AI score 5.7 | EPSS 0.0032
Exploits: 0 | References: 5 | Affected Software: 1
Mageia
added 2014/11/22 10:54 a.m. | views: 28

Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts, although this is unlikely on modern browsers and on most Moodle pages (MSA-14-0035). In Moodle before 2.6.5, an XSS issue through $searchcourse in...

CVSS 7.5 | AI score 6.5 | EPSS 0.00734
Exploits: 0 | References: 17