Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

45 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.7 views

EUVD-2017-5705

Malware in sbrugna...

6.1CVSS6.3AI score0.00635EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2017-3199

Malware in sbrugna...

9.8CVSS9.5AI score0.0151EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.6 views

EUVD-2017-3198

Malware in sbrugna...

9.8CVSS9.5AI score0.01137EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2025/05/22 1:34 a.m.9 views

CVE-2017-14192

The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field...

6.1CVSS6.1AI score0.00635EPSS
Exploits0References1
OSV
OSVadded 2018/10/09 8:29 p.m.5 views

CVE-2018-18191

Cross-site request forgery CSRF vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password...

8.8CVSS5.8AI score0.00806EPSS
Exploits1References1
CVE
CVEadded 2018/10/09 8:0 p.m.44 views

CVE-2018-18191

CVE-2018-18191 describes a Cross‑Site Request Forgery (CSRF) vulnerability in Dayrui FineCms 5.4, specifically in /admin.php?c=member&m=edit&uid=1, which allows remote attackers to change the administrator’s password. The connected documents confirm the affected product/version and the vulnerable...

8.8CVSS8.7AI score0.00806EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2018/02/25 7:0 p.m.38 views

CVE-2018-7476

CVE-2018-7476 affects FineCms 5.3.0. A Cross Site Scripting (XSS) flaw exists in controllers/admin/Linkage.php reachable via id or lid in a c=linkage,m=import request to admin.php, where the xss_clean protection is bypassed by crafted input that omits ''. The vulnerability is documented across NV...

6.1CVSS6AI score0.00864EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2018/02/12 2:29 p.m.23 views

CVE-2018-6893

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

9.8CVSS9.7AI score0.02548EPSS
Exploits0References1
OSV
OSVadded 2018/02/12 2:29 p.m.5 views

CVE-2018-6893

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

9.8CVSS5.8AI score0.02548EPSS
Exploits0References1
Prion
Prionadded 2018/02/12 2:29 p.m.14 views

Sql injection

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

7.5CVSS9.5AI score0.02548EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2018/02/12 2:0 p.m.55 views

CVE-2018-6893

FineCms 5.2.0 is affected by an SQL injection in controllers/member/Api.php when handling requests with s=member,c=api,m=checktitle and a crafted module parameter, due to insufficient filtering. The issue enables arbitrary SQL execution via the vulnerable parameter, as reported in multiple source...

9.8CVSS9.5AI score0.02548EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2018/02/12 2:0 p.m.23 views

CVE-2018-6893

controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...

9.7AI score0.02548EPSS
Exploits0References1
Cvelist
Cvelistadded 2017/11/21 1:0 p.m.16 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

9.5AI score0.02141EPSS
Exploits0References2
CVE
CVEadded 2017/11/21 1:0 p.m.45 views

CVE-2017-16920

dayrui FineCms 5.2.0 is affected by CVE-2017-16920 due to a default SYS_KEY in v5/config/system.php that avoids key regeneration per installation. This allows remote attackers to upload arbitrary .php files through a member api swfupload action to index.php. The vulnerability description explicit...

9.8CVSS9.3AI score0.02141EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2017/11/16 9:29 p.m.21 views

CVE-2017-16866

dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting XSS in core/MController.php via the DRURI field...

6.1CVSS6.1AI score0.00778EPSS
Exploits0References1
Cvelist
Cvelistadded 2017/11/16 9:0 p.m.17 views

CVE-2017-16866

dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting XSS in core/MController.php via the DRURI field...

6.1AI score0.00778EPSS
Exploits0References1
CVE
CVEadded 2017/11/16 9:0 p.m.46 views

CVE-2017-16866

CVE-2017-16866 affects dayrui FineCms 5.2.0 prior to 2017-11-16. The vulnerability is a Cross-Site Scripting (XSS) in the code path core/M_Controller.php via the DR_URI field. The connected documents confirm the affected product/component and the root cause (injection in DR_URI leading to XSS). N...

6.1CVSS6AI score0.00778EPSS
Exploits0References1Affected Software1
CNVD
CNVDadded 2017/09/08 12:0 a.m.5 views

dayrui FineCms 'call_msg' Function Cross-Site Scripting Vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'callmsg' function in the controllers/Form.php file in version 5.0.11 of...

6.1CVSS6AI score0.00635EPSS
Exploits0References1
CNVD
CNVDadded 2017/09/08 12:0 a.m.5 views

dayrui FineCms 'out' function cross-site scripting vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'out' function of the controllers/member/Login.php file in version 5.0.11 of...

6.1CVSS6AI score0.00635EPSS
Exploits0References1
CNVD
CNVDadded 2017/09/08 12:0 a.m.2 views

dayrui FineCms 'oauth' function cross-site scripting vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'oauth' function of the controllers/member/api.php file in version 5.0.11 of...

6.1CVSS6AI score0.00635EPSS
Exploits0References1
Rows per page
Query Builder