
10 matches found

Vulnrichment
added 2026/04/24 12:34 a.m. | views: 1

CVE-2026-40099 Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00028
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2025-10354

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.01669
Exploits: 1 | References: 2
CNNVD
added 2025/04/07 12:0 a.m. | views: 1

RuoYi Security Vulnerability

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which can be exploited by a remote attacker to elevate privileges via the changeStatus method...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.01669
Exploits: 1 | References: 2
Cvelist
added 2025/04/07 12:0 a.m. | views: 12

CVE-2025-28405

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method...

EPSS: 0.01669
Exploits: 1 | References: 2
CVE
added 2025/04/07 12:0 a.m. | views: 47

CVE-2025-28405

Summary: CVE-2025-28405 affects RUoYi v4.8.0 and allows a remote attacker to escalate privileges via the changeStatus method. The issue is exploitable over the network with no user interaction, and the base CVSSv3.1 score is 9.8 (CRITICAL), with high impact on confidentiality, integrity, and ava...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.01669
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2023/11/14 3:15 p.m. | views: 8

CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus...

CVSS: 8.8 | EPSS: 0.00163
Exploits: 1 | References: 1
CNNVD
added 2023/11/14 12:0 a.m. | views: 2

Dreamer CMS Security Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3, which stems from a cross-site request forgery (CSRF) vulnerability via /admin/task/changeStatus...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00163
Exploits: 1 | References: 2
CVE
added 2023/11/14 12:0 a.m. | views: 46

CVE-2023-48020

Summary: CVE-2023-48020 affects Dreamer CMS 4.1.3 with a CSRF vulnerability exploitable via /admin/task/changeStatus. The CVSS 3.1 base score is 8.8 (High) with PR:None, UI:Required, and impacts to confidentiality, integrity, and availability (all High). Connected sources confirm the same vector ...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00163
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2022/09/21 6:15 p.m. | views: 3

CVE-2022-40030

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00652
Exploits: 1 | References: 3
CNNVD
added 2022/09/21 12:0 a.m. | views: 1

Simple Task Managing System SQL Injection Vulnerability

Simple Task Managing System is a simple task management system. A security vulnerability exists in version v1.0 of Simple Task Managing System due to an SQL injection vulnerability in the bookId parameter of the changeStatus.php component...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.00652
Exploits: 1 | References: 4