19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-11397

Malware in sbrugna...

CVSS 9.3 | AI score 8.4 | EPSS 0.00258
Exploits: 0 | References: 2

NVD
added 2022/06/02 2:15 p.m. | 7 views

CVE-2021-40186

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow an attacker to make the target system issue network requests on their behalf, enabling a range of possible attacks. In...

CVSS 7.5 | EPSS 0.00311
Exploits: 1 | References: 1

OSV
added 2022/06/02 2:15 p.m. | 18 views

CVE-2021-40186

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow an attacker to make the target system issue network requests on their behalf, enabling a range of possible attacks. In...

CVSS 7.5 | AI score 6.7 | EPSS 0.00311
Exploits: 1 | References: 1

OSV
added 2022/01/21 11:34 p.m. | 19 views

GHSA-R8PR-83CC-CCV7 Umbraco Persistent Password Reset Poison

The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 7.4 | AI score 7.7 | EPSS 0.00303
Exploits: 2 | References: 3

Github Security Blog
added 2022/01/21 11:34 p.m. | 35 views

Umbraco Persistent Password Reset Poison

The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 8.6 | AI score 1.1 | EPSS 0.00303
Exploits: 2 | References: 3 | Affected Software: 1

OSV
added 2022/01/18 5:15 p.m. | 16 views

CVE-2022-22691

The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 7.4 | AI score 7.5 | EPSS 0.00303
Exploits: 2 | References: 1

Cvelist
added 2022/01/18 4:52 p.m. | 21 views

CVE-2022-22691 Umbraco Password Reset URL Poison

The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 6.8 | AI score 8.1 | EPSS 0.00255
Exploits: 1 | References: 1

CVE
added 2022/01/18 4:52 p.m. | 140 views

CVE-2022-22691

CVE-2022-22691 relates to Umbraco's password reset flow, where the application builds the reset URL using the hostname from the request Host header. This can allow an attacker to tamper with the reset URL so it points to the attacker's server, potentially exposing the password reset token when the use...

CVSS 7.4 | AI score 7 | EPSS 0.00255
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/01/18 2:26 p.m. | 2 views

CVE-2022-22691

The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 8.6 | AI score 7 | EPSS 0.00303
Exploits: 2 | References: 2

Patchstack
added 2021/03/03 12:00 a.m. | 27 views

WordPress WP Hotel Booking plugin <= 1.10.2 - Unauthenticated Remote Code Execution (RCE) via Arbitrary Object Deserialisation vulnerability

Unauthenticated Remote Code Execution (RCE) via Arbitrary Object Deserialisation vulnerability discovered by Nick Blundell (AppCheck Ltd) in WordPress WP Hotel Booking plugin versions <= 1.10.2. Solution: Update the WordPress WP Hotel Booking plugin to the latest available version (at least 1.10.3)...

CVSS 9.8 | AI score 4.8 | EPSS 0.8462
Exploits: 2 | References: 3 | Affected Software: 1

GithubExploit
added 2020/11/30 9:23 a.m. | 74 views

Exploit for CVE-2020-11651

PoC exploit for CVE-2020-11651 and CVE-2020-11652, two vulnerabi...

CVSS 9.8 | AI score 9.4 | EPSS 0.94234
Exploits: 24

CNVD
added 2017/06/13 12:00 a.m. | 1 views

AppCheck and AppCheck Pro Untrustworthy Search Path Vulnerabilities

AppCheck and AppCheck Pro are both anti-tampering software. An untrusted search path vulnerability exists in AppCheck versions prior to 2.0.1.15 and AppCheck Pro versions prior to 2.0.1.15. An attacker can exploit this vulnerability to execute arbitrary code with the help of a specially crafted...

CVSS 9.3 | AI score 7.7 | EPSS 0.00258
Exploits: 0 | References: 1

OSV
added 2017/06/09 4:29 p.m. | 0 views

CVE-2017-2214

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

CVSS 8.4 | AI score 6.1
Exploits: 0 | References: 1

NVD
added 2017/06/09 4:29 p.m. | 6 views

CVE-2017-2214

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

CVSS 9.3 | AI score 8.6 | EPSS 0.00258
Exploits: 0 | References: 1

Prion
added 2017/06/09 4:29 p.m. | 9 views

Design/Logic Flaw

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

CVSS 9.3 | AI score 8.5 | EPSS 0.00258
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2017/06/09 4:00 p.m. | 45 views

CVE-2017-2214

The CVE-2017-2214 entry corresponds to an untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15. The underlying issue allows an attacker to execute arbitrary code via a specially crafted executable in an unspecified directory. Affected products: AppCheck and A...

CVSS 9.3 | AI score 8.6 | EPSS 0.00258
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2017/06/09 4:00 p.m. | 11 views

CVE-2017-2214

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

AI score 8.6 | EPSS 0.00258
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/06/07 5:54 a.m. | 2 views

AppCheck may insecurely invoke an executable file

Overview: AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contain an issue with the search path for executable files, which may lead to insecurely invoking an executable file (CWE-427). Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...

CVSS 9.3 | AI score 6.9 | EPSS 0.00258
Exploits: 0 | References: 6

Japan Vulnerability Notes
added 2017/06/07 12:00 a.m. | 27 views

JVN#99737748: AppCheck may insecurely invoke an executable file

AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contain an issue with the search path for executable files, which may lead to insecurely invoking an executable file (CWE-427). Impact: Arbitrary code may be executed with the privilege of the user...

CVSS 9.3 | AI score 8.6 | EPSS 0.00258
Exploits: 0