28 matches found

RedhatCVE
added 2026/03/28 4:59 p.m. | 2 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

CVSS 9.8 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 1

NVD
added 2026/03/27 5:16 p.m. | 2 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

CVSS 9.8 | EPSS 0.00027
Exploits: 1 | References: 2

Cvelist
added 2026/03/27 4:13 p.m. | 23 views

CVE-2026-33770 AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

CVSS 7.1 | EPSS 0.00027
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/27 4:13 p.m. | 1 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

CVSS 7.1 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/27 4:13 p.m. | 6 views

CVE-2026-33770

Summary: CVE-2026-33770 affects WWBN/AVideo up to version 26.0, where fixCleanTitle() in objects/category.php interpolates user-controlled data directly into a SQL query, enabling SQL injection when creating or renaming categories. The vulnerability stems from building the query with $clean_title...

CVSS 9.8 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2026/03/26 6:15 p.m. | 2 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the fixCleanTitle function. An attacker can access sensitive database information by injecting crafted input into the cleantitle or id parameters...

CVSS 9.8 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28538

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating the $clean title and $id variables into the query string without using prepare...

CVSS 7.1 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/05 12:0 a.m. | 2 views

PT-2026-6597

Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.20. Description: A Cross-Site Scripting issue exists in the /admin/category/create API endpoint. An attacker can manipulate the rel id parameter within a crafted URL. By enticing a user with administrative...

CVSS 6.1 | AI score 5.6 | EPSS 0.0002
Exploits: 1 | References: 8

RedhatCVE
added 2026/01/09 12:30 p.m. | 0 views

CVE-2023-40815

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

CVSS 6.1 | AI score 7.2 | EPSS 0.00098
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-2975

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 3

Packet Storm
added 2023/12/04 12:0 a.m. | 291 views

October CMS 3.4.0 Category Cross Site Scripting

OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability. Vendor: October CMS. Product web page: https://www.octobercms.com. Affected version: 3.4.0. Summary: OctoberCMS is a self-hosted content management system (CMS) based on the PHP programming language and Laravel web application...

AI score 7.4
Exploits: 0

Veracode
added 2023/11/21 11:41 a.m. | 12 views

Cross Site Scripting (XSS)

openCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of validation in the Category creation field, which allows an attacker to inject HTML into the application...

CVSS 6.1 | AI score 6.4 | EPSS 0.00098
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2023/11/18 6:30 a.m. | 23 views

Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

CVSS 6.1 | AI score 7 | EPSS 0.00098
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2023/11/18 6:30 a.m. | 9 views

GHSA-HHCF-79PM-R8R9 Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

CVSS 6.1 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 2

ATTACKERKB
added 2023/11/18 4:15 a.m. | 0 views

CVE-2023-40815

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

CVSS 6.1 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 2

OSV
added 2023/11/18 4:15 a.m. | 17 views

CVE-2023-40815

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

CVSS 6.1 | AI score 6.4 | EPSS 0.00098
Exploits: 1 | References: 1

NVD
added 2023/11/18 4:15 a.m. | 11 views

CVE-2023-40815

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

CVSS 6.1 | EPSS 0.00098
Exploits: 1 | References: 1

CNNVD
added 2023/11/18 12:0 a.m. | 1 views

openCRX Security Vulnerabilities

openCRX is open source CRM software. A security vulnerability exists in openCRX version 5.2.0, which originated from a vulnerability that allows attackers to perform HTML injection attacks via the Category Creation Name field...

CVSS 6.1 | AI score 7 | EPSS 0.00098
Exploits: 1 | References: 2

CVE
added 2023/11/18 12:0 a.m. | 43 views

CVE-2023-40815

Summary: OpenCRX 5.2.0 is affected by an HTML injection flaw in the Category Creation Name Field. This issue is repeatedly described as enabling Cross‑Site Scripting (XSS) via the category name input, reflecting a lack of input validation in that field. The available documents identify the vulner...

CVSS 6.1 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/11/18 12:0 a.m. | 11 views

CVE-2023-40815

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field...

AI score 6.9 | EPSS 0.00098
Exploits: 1 | References: 1