12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-9447

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00867
Exploits: 2 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-11045

Malware in sbrugna...

CVSS 10 | AI score 9.4 | EPSS 0.09294
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-10788

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01299
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-1836

Malware in sbrugna...

CVSS 6 | AI score 6.3 | EPSS 0.0101
Exploits: 1 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-43734

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00177
Exploits: 0 | References: 1

Vulnrichment
added 2023/02/01 12:0 a.m. | 4 views

CVE-2022-37034

In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests...

AI score 5.3 | EPSS 0.00377
Exploits: 0 | References: 1

Cvelist
added 2022/11/10 12:0 a.m. | 15 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

AI score 6.4 | EPSS 0.0102
Exploits: 1 | References: 2

NVD
added 2019/05/14 6:29 p.m. | 12 views

CVE-2019-11846

/servlets/ajaxfileupload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection...

CVSS 6.1 | AI score 6 | EPSS 0.00211
Exploits: 5 | References: 1

Cvelist
added 2019/03/07 10:0 p.m. | 15 views

CVE-2018-17422

dotCMS before 5.0.2 has open redirects via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter...

AI score 6.3 | EPSS 0.10795
Exploits: 1 | References: 1

Prion
added 2018/09/12 11:29 p.m. | 15 views

Design/Logic Flaw

dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/imagetools/index.jsp fieldName and inode parameters...

CVSS 4.3 | AI score 6 | EPSS 0.00184
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2016/10/28 3:0 p.m. | 14 views

CVE-2016-8600

In dotCMS 3.2.1, an attacker can load a captcha once, fill it in with the correct value, and this correct value is then accepted later by forms with a captcha check...

AI score 7.6 | EPSS 0.00867
Exploits: 2 | References: 4

NVD
added 2012/06/08 4:55 p.m. | 14 views

CVE-2012-1826

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template...

CVSS 6 | AI score 7.1 | EPSS 0.0101
Exploits: 1 | References: 8