Lucene search

82199 matches found

Snyk
added 2025/12/18 8:46 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the shipping options configuration form in the E-commerce module (ecommerce.shippingoption). An...

5.4 CVSS | 5.9 AI score | 0.00138 EPSS
Exploits: 0 | References: 2

OSV
added 2025/12/18 8:15 p.m. | 3 views

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.1 CVSS | 6.4 AI score
Exploits: 0 | References: 3

NVD
added 2025/12/18 8:15 p.m. | 4 views

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.4 CVSS | 0.00203 EPSS
Exploits: 1 | References: 3

OSV
added 2025/12/18 8:15 p.m. | 2 views

CVE-2021-47711

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses...

8.7 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:15 p.m. | 4 views

CVE-2021-47711

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses...

8.8 CVSS | 0.00259 EPSS
Exploits: 0 | References: 2

CVE
added 2025/12/18 7:53 p.m. | 7 views

CVE-2023-53938

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability exploitable via multiple unencoded input parameters (database, collection, login). The root cause is input parameters not being encoded before rendering, enabling attackers to inject arbitrary JavaScript into a victim’s browser....

5.4 CVSS | 6.1 AI score | 0.00203 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/12/18 7:53 p.m. | 20 views

CVE-2023-53938 RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.4 CVSS | 0.00203 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/18 7:53 p.m. | 2 views

CVE-2023-53938 RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

5.4 CVSS | 6.1 AI score | 0.00203 EPSS
Exploits: 1 | References: 3

CVE
added 2025/12/18 7:53 p.m. | 5 views

CVE-2023-53935

Summary: CVE-2023-53935 affects WBiz Desk 1.2, where a SQL injection flaw exists in ticket.php via the non-admin-accessible tk parameter. The vulnerability enables crafted UNION-based SQL payloads that can extract sensitive data by targeting the ticket endpoint. Impact (as described): Non-admin u...

5.4 CVSS | 7.2 AI score | 0.00179 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/12/18 7:53 p.m. | 23 views

CVE-2023-53935 WBiz Desk 1.2 SQL Injection Vulnerability via ticket.php Parameter

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

5.4 CVSS | 0.00179 EPSS
Exploits: 0 | References: 3

OSV
added 2025/12/18 7:16 p.m. | 3 views

CVE-2025-14885

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

8.8 CVSS | 5.5 AI score
Exploits: 0 | References: 5

NVD
added 2025/12/18 7:16 p.m. | 2 views

CVE-2025-14885

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

8.8 CVSS | 0.00299 EPSS
Exploits: 1 | References: 5

CVE
added 2025/12/18 6:32 p.m. | 7 views

CVE-2025-14885

The CVE-2025-14885 entry concerns SourceCodester Client Database Management System 1.0, specifically the Leads Generation Module. The vulnerability is in an unknown part of the file /user_leads.php, where manipulation can cause unrestricted file upload and can be exploited remotely. Exploit publi...

8.8 CVSS | 6.3 AI score | 0.00299 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/12/18 6:32 p.m. | 25 views

CVE-2025-14885 SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

6.5 CVSS | 0.00299 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/18 6:32 p.m. | 2 views

CVE-2025-14885 SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...

6.5 CVSS | 6.3 AI score | 0.00299 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/18 4:2 p.m. | 4 views

CVE-2025-14877 Campcodes Supplier Management System add_retailer.php sql injection

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/addretailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly availabl...

7.5 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/18 7:22 a.m. | 2 views

CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through 3.2.6...

8.5 CVSS | 7.2 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

CVE
added 2025/12/18 7:22 a.m. | 10 views

CVE-2025-64231

The CVE-2025-64231 entry concerns the WordPress plugin RTW WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) versions up to 3.0.0. The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing upload of malicious files via the plugin’...

9.9 CVSS | 6.6 AI score | 0.00272 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/18 7:22 a.m. | 3 views

CVE-2025-64231 WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through =...

9.9 CVSS | 6.6 AI score | 0.00272 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/12/18 7:22 a.m. | 23 views

CVE-2025-64231 WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through =...

9.9 CVSS | 0.00272 EPSS
Exploits: 0 | References: 1