
2484 matches found

0day.today
added 2023/11/30 12:0 a.m. · 2365 views

CE Phoenix 1.0.8.20 Remote Code Execution Exploit

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

7.4 AI score
Exploits 0
0day.today
added 2023/11/28 12:0 a.m. · 441 views

CE Phoenix 1.0.8.20 Remote Command Execution Vulnerability

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...

7.4 AI score
Exploits 0
Packet Storm
added 2023/11/27 12:0 a.m. · 272 views

CE Phoenix 1.0.8.20 Remote Command Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...

7.4 AI score
Exploits 0
Positive Technologies
added 2023/11/25 12:0 a.m. · 5 views

PT-2023-8870 · Unknown · Ce Phoenix

Name of the Vulnerable Software and Affected Versions: CE Phoenix versions 1.0.8.20 and earlier Description: The issue is related to insufficient neutralization of special symbols in the english.php component, allowing a remote attacker to execute arbitrary code, escalate privileges, and obtain...

4.8 CVSS · 7.7 AI score · 0.00813 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/11/25 12:0 a.m. · 6 views

PT-2023-8978 · Unknown · Ce Phoenix

Name of the Vulnerable Software and Affected Versions: CE Phoenix versions 1.0.8.20 Description: The issue is related to incorrect code generation management in the /admin/define language.php script of the CE Phoenix e-commerce software. This allows a remote attacker to execute arbitrary code by...

10 CVSS · 7.7 AI score · 0.27237 EPSS
Exploits 1 · References 11
Packet Storm
added 2023/11/25 12:0 a.m. · 278 views

CE Phoenix 1.0.8.20 Cross Site Scripting

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

7.4 AI score
Exploits 0
CNNVD
added 2023/11/14 12:0 a.m. · 3 views

Netgate pfSense CE Cross-Site Scripting Vulnerability

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. A cross-site scripting vulnerability exists in Netgate pfSense CE version v.2.7.0, which originates from a vulnerability that allows remote attackers to gain privileges by accessing the getserviceproviders.ph...

5.4 CVSS · 6.5 AI score · 0.55356 EPSS
Exploits 1 · References 2
Prion
added 2023/11/09 10:15 p.m. · 20 views

Default credentials

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

5.8 CVSS · 7.5 AI score · 0.01679 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/09 12:0 a.m. · 12 views

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

7 AI score · 0.01679 EPSS
Exploits 0 · References 1
CVE
added 2023/11/09 12:0 a.m. · 59 views

CVE-2023-29975

CVE-2023-29975 affects pfSense CE 2.6.0. The publicly documented description states that an attacker can change the password of any user without verification, indicating a credential-management flaw in the auth flow. No explicit root-cause, affected components, or versions beyond 2.6.0 are provid...

7.2 CVSS · 7 AI score · 0.01679 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/11/09 12:0 a.m. · 21 views

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

7.2 AI score · 0.01679 EPSS
Exploits 0 · References 1
NVD
added 2023/11/08 9:15 p.m. · 11 views

CVE-2023-29974

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements...

9.8 CVSS · 0.01753 EPSS
Exploits 0 · References 1
Prion
added 2023/11/08 9:15 p.m. · 16 views

Design/Logic Flaw

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements...

7.5 CVSS · 7.4 AI score · 0.01753 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/11/08 12:0 a.m. · 3 views

Netgate pfSense CE Security Vulnerability

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. A security vulnerability exists in Netgate pfSense CE version 2.6.0, which originated from a vulnerability that allows an attacker to compromise a user account via a weak password request...

9.8 CVSS · 6.9 AI score · 0.01753 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/11/08 12:0 a.m. · 20 views

CVE-2023-29974

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements...

7.3 AI score · 0.01753 EPSS
Exploits 0 · References 1
CVE
added 2023/11/08 12:0 a.m. · 56 views

CVE-2023-29974

CVE-2023-29974 affects pfSense CE 2.6.0. The linked documents describe a weakness in password requirements that can allow an attacker to compromise user accounts. The core issue is a weak password policy in the affected release; no technical details on the exact root cause, affected components, o...

9.8 CVSS · 9.3 AI score · 0.01753 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/11/08 12:0 a.m. · 18 views

CVE-2023-29974

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements...

9.6 AI score · 0.01753 EPSS
Exploits 0 · References 1
NVD
added 2023/11/06 1:15 p.m. · 13 views

CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

6.5 CVSS · 5.3 AI score · 0.00595 EPSS
Exploits 0 · References 2
UbuntuCve
added 2023/11/06 1:15 p.m. · 14 views

CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

6.5 CVSS · 6.5 AI score · 0.00595 EPSS
Exploits 0 · References 1
Prion
added 2023/11/06 1:15 p.m. · 21 views

Input validation

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

4 CVSS · 6.7 AI score · 0.00595 EPSS
Exploits 0 · References 2 · Affected Software 1