7 matches found
CVE-2026-44666
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shell_exec, where the shell interprets these characters and commands...
Chamilo CSV File Name Cross-Site Scripting Vulnerability
Chamilo is an open-source learning management system by Chamilo. A cross-site scripting vulnerability exists in Chamilo CSV filenames, which stems from insufficient sanitization of CSV filenames; no detailed vulnerability details are provided at this time...
CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
algernon security vulnerability
algernon is a web server by individual developer Alexander F. Rødseth. A security vulnerability exists in algernon version 1.17.4, which stems from the presence of cross-site scripting in filenames that could lead to the execution of arbitrary code...
PT-2022-18606 · Gnome +2 · Gnome Ocrfeeder +2
Name of the Vulnerable Software and Affected Versions: GNOME OCRFeeder versions prior to 0.8.4 Description: The issue allows OS command injection via shell metacharacters in a PDF or image filename. Recommendations: For versions prior to 0.8.4, update to version 0.8.4 or later to resolve the issu...
UBUNTU-CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...
DEBIAN-CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames...