7 matches found

Positive Technologies
added 2026/02/17 12:0 a.m., 2 views

PT-2026-20299

Name of the Vulnerable Software and Affected Versions:
StorageGRID versions prior to 11.9.0.12
StorageGRID versions prior to 12.0.0.4

Description: StorageGRID, formerly known as StorageGRID Webscale, is affected by a Server-Side Request Forgery (SSRF) issue when Single Sign-on (SSO) is enabled and...

CVSS 7.1 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 9

OSV
added 2025/07/15 2:15 a.m., 0 views

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

CVSS 7.2 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2024/10/16 5:15 p.m., 2 views

CVE-2024-20458

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 1

RedHat Linux
added 2021/06/30 3:47 p.m., 4 views

jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVSS 5.8 | AI score 6.2 | EPSS 0.00125
Exploits: 0 | References: 4

CNVD
added 2019/04/02 12:0 a.m., 2 views

Grandstream GXP16xx Elevation of Privilege Vulnerability

The Grandstream GXP16xx VoIP is a 16XX series IP phone from Grandstream. An elevation of privilege vulnerability exists in /cgi-bin/deleteCA in Grandstream GXP16xx 1.0.4.128, which can be exploited to delete configuration parameters and gain administrator access to the device via a malformed inpu...

CVSS 9.8 | AI score 7.3 | EPSS 0.00607
Exploits: 0 | References: 1

OSV
added 2019/04/01 9:29 p.m., 1 views

CVE-2018-17564

A Malformed Input String to /cgi-bin/deleteCA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2018/06/26 8:29 p.m., 6 views

DEBIAN-CVE-2018-12895

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

CVSS 8.8 | AI score 7.9 | EPSS 0.88705
Exploits: 4 | References: 1