1259633 matches found
CVE-2026-14961
creationtimestamp| type| source ---|---|--- 2026-07-16 12:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/93588 2026-07-17 00:00:54+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/93588...
CVE-2023-49900
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command...
ROOT-APP-NPM-CVE-2026-47674 CVE-2026-47674 in @rootio/hono - Patched by Root
Root has patched CVE-2026-47674 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44456 CVE-2026-44456 in @rootio/hono - Patched by Root
Root has patched CVE-2026-44456 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-54286 CVE-2026-54286 in @rootio/hono - Patched by Root
Root has patched CVE-2026-54286 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-56368 CVE-2026-56368 in rootio-imagemagick - Patched by Root
Root has patched CVE-2026-56368 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-56370 CVE-2026-56370 in rootio-imagemagick - Patched by Root
Root has patched CVE-2026-56370 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-53461 CVE-2026-53461 in rootio-imagemagick - Patched by Root
Root has patched CVE-2026-53461 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-33180 CVE-2026-33180 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root
Root has patched CVE-2026-33180 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...
Helmet Store Showroom v1.0 - SQL Injection
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. id: CVE-2022-46071 info: name: Helmet Store Showroom v1.0 - SQL Injection author: Harsh severity: critical description: | There is SQL Injection vulnerability...
Shopware < 6.5.8.13 - SQL Injection
The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The name field in this "aggregations" ...
OsTicket < 1.14.3 - Server Side Request Forgery
SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...
Nette Framework - Remote Code Execution
Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...
Symfony Profiler - Remote Access via Injected Arguments
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...
Flatpress < 1.3 - Path Traversal
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. id: CVE-2023-0947 info: name: Flatpress 1.3 - Path Traversal author: r3Y3r53 severity: critical description: | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. impact: | Unauthenticated attackers ca...
PrestaShop 'possearchproducts' <= 1.7 - SQL Injection
In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' = 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...
Gitea Container Registry - Unauthorized Private Image Access
Gitea = 1.26.2. As a temporary workaround, set REQUIRESIGNINVIEW=true in gitea app.ini, though this blocks all anonymous access including public repos. reference: - https://blog.gitea.com/release-of-1.26.2/ - https://github.com/go-gitea/gitea/pull/37290 -...
SuiteCRM Unauthenticated Graphql Introspection
Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. id: CVE-2023-47643 info: name: SuiteCRM Unauthenticated Graphql Introspection author: isacaya severity: medium description: | Graphql Introspection is enabled without...
WordPress Directorist <7.3.1 - Information Disclosure
WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. id: CVE-2022-2376 info: name: WordPress Directorist 7.3.1 - Information Disclosure...
Ricoh Web Image Monitor - Reflected XSS
A reflected cross-site scripting vulnerability exists in the laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. id: CVE-2025-41393 info: name: Rico...