Lucene search

8 matches found

Packet Storm News
added 2025/08/19 12:0 a.m. · 2 views

M-Files 25.6.14925.0 Path Traversal

This repository contains a proof-of-concept exploit in C for a suspected path traversal vulnerability in M‑Files version 25.6.14925.0. It attempts to read sensitive files (e.g. /etc/passwd) by injecting traversal payloads into REST API endpoints...

CVSS 8.4 · AI score 6.8 · EPSS 0.00159
Exploits: 1
Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-31708 · Files

Name of the Vulnerable Software and Affected Versions: Files versions 0.16.9 and below
Description: The File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, potentially leading to Browser JS code execution in the context of the user’s session...

CVSS 5.1 · AI score 8.1 · EPSS 0.00322
Exploits: 0 · References: 9
CVE
added 2025/07/28 7:53 p.m. · 15 views

CVE-2025-54423

CVE-2025-54423 affects the Copyparty portable file server. Versions up to and including 1.18.4 allow an unauthenticated attacker to execute arbitrary JavaScript in a victim’s browser due to improper sanitization of multimedia tags in music files (including m3u). This is a DOM-based XSS vulnerabil...

CVSS 6.1 · AI score 7.1 · EPSS 0.00203
Exploits: 1 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/05/23 10:36 a.m. · 7 views

CVE-2024-47170

Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information an...

CVSS 4.3 · AI score 6.4 · EPSS 0.00771
Exploits: 0
Positive Technologies
added 2024/05/28 12:0 a.m. · 3 views

PT-2024-19517 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions 6.6.5 and earlier
Description: The issue arises when parsing an untrusted SVG file, leading to a ReDoS (Regular Expression Denial of Service) condition. This occurs due to the inefficient handling of regular expressions within th...

CVSS 7.5 · AI score 6.8 · EPSS 0.08989
Exploits: 3 · References: 27
ATTACKERKB
added 2023/04/20 9:15 a.m. · 3 views

CVE-2023-2112

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0...

CVSS 7.8 · AI score 7.5 · EPSS 0.00126
Exploits: 0 · References: 4
Cvelist
added 2022/10/26 12:0 a.m. · 13 views

CVE-2022-39286 Execution with Unnecessary Privileges in JupyterApp

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD. This vulnerability allows one user to run code as...

CVSS 8.8 · AI score 9 · EPSS 0.00372
Exploits: 0 · References: 7
securityvulns
added 2004/01/20 12:0 a.m. · 31 views

Directories management bypassing in Goahead webserver <= 2.1.8

Luigi Auriemma
Application: Goahead webserver http://www.goahead.com/webserver/webserver.htm
Versions: <= 2.1.8
Platforms: multiplatform
Bug: bypassing of special directories management with the effect of downloading cgi-bin files and more
Risk: medium/high
Exploitation: remote with browser
Date: ...

AI score 7.7
Exploits: 0