21 matches found

ATTACKERKB
added 2026/05/13 9:14 p.m. | 5 views

CVE-2026-44441

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...

CVSS 5 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 2 | Affected Software 1

RedhatCVE
added 2026/01/09 12:34 p.m. | 2 views

CVE-2023-45377

In the module "Chronopost Official" chronopost for PrestaShop, a guest can perform SQL injection. The PHP script cancelSkybill.php has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

CVSS 9.8 | AI score 7.8 | EPSS 0.00081
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-50578

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00282
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 4:52 a.m. | 4 views

CVE-2023-46351

In the module mib 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method mib::getManufacturersByCategory has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

CVSS 9.8 | AI score 7.7 | EPSS 0.00138
Exploits 0

Cvelist
added 2024/06/19 12:0 a.m. | 22 views

CVE-2024-36680

In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

EPSS 0.00302
Exploits 0 | References 1

Prion
added 2023/12/06 11:15 p.m. | 10 views

Sql injection

In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

CVSS 7.5 | AI score 7.9 | EPSS 0.00073
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/11/27 11:15 p.m. | 12 views

Sql injection

In the module "Product Catalog CSV, Excel Export/Update" updateproducts 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL...

CVSS 7.5 | AI score 7.9 | EPSS 0.00066
Exploits 0 | References 1 | Affected Software 1

NVD
added 2023/11/03 5:15 a.m. | 10 views

CVE-2023-43982

Bon Presta boninstagramcarousel from v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call...

CVSS 9.8 | AI score 9.5 | EPSS 0.00082
Exploits 0 | References 1

Prion
added 2023/11/03 5:15 a.m. | 8 views

Server side request forgery (ssrf)

Bon Presta boninstagramcarousel from v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call...

CVSS 7.5 | AI score 9.4 | EPSS 0.00082
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/11/03 12:0 a.m. | 10 views

CVE-2023-43982

Bon Presta boninstagramcarousel from v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call...

AI score 9.6 | EPSS 0.00082
Exploits 0 | References 1

Vulnrichment
added 2023/11/03 12:0 a.m. | 12 views

CVE-2023-43982

Bon Presta boninstagramcarousel from v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call...

AI score 7.5 | EPSS 0.00082
Exploits 0 | References 1

CVE
added 2023/11/03 12:0 a.m. | 28 views

CVE-2023-43982

CVE-2023-43982 affects Bon Presta boninstagramcarousel versions 5.2.1–7.0.0. A server-side request forgery (SSRF) vulnerability exists in the url parameter of insta_parser.php, allowing an attacker to use the vulnerable site as a proxy to reach other targets or exfiltrate data via HTTP requests. ...

CVSS 9.8 | AI score 9.3 | EPSS 0.00082
Exploits 0 | References 1 | Affected Software 1

NVD
added 2023/10/31 2:15 a.m. | 17 views

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVSS 7.5 | AI score 7.5 | EPSS 0.00052
Exploits 1 | References 1

Prion
added 2023/10/31 2:15 a.m. | 11 views

Authentication flaw

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVSS 5 | AI score 7.5 | EPSS 0.00052
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2023/10/31 12:0 a.m. | 10 views

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

AI score 7.7 | EPSS 0.00052
Exploits 1 | References 1

Vulnrichment
added 2023/10/31 12:0 a.m. | 11 views

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

AI score 7 | EPSS 0.00052
Exploits 1 | References 1

CNVD
added 2022/02/10 12:0 a.m. | 22 views

SAP NetWeaver Application Server ABAP and ABAP Platform Information Disclosure Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. An information disclosure vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, which can be exploited by attackers to read connection details stored in SAP The vulnerability can be exploited to...

CVSS 4.9 | AI score 0.5 | EPSS 0.00362
Exploits 0 | References 1

Prion
added 2022/01/28 8:15 p.m. | 11 views

Remote code execution

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result of insufficient verification of calls to the device. The vulnerability was addressed by disabling checks...

CVSS 7.5 | AI score 9.6 | EPSS 0.00796
Exploits 0 | References 2 | Affected Software 1

NVD
added 2022/01/13 9:15 p.m. | 13 views

CVE-2022-22991

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP...

CVSS 8.8 | EPSS 0.00084
Exploits 0 | References 2

GithubExploit
added 2021/12/21 3:0 p.m. | 542 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j Spring vulnerable POC. This is a POC for a simple spring...

CVSS 10 | AI score 9.5 | EPSS 0.94358
Exploits 341