
1754 matches found

Veracode
added 2022/05/24 10:53 a.m., 26 views

SQL Injection

helloxz/imgurl is vulnerable to SQL Injection attacks. An attacker is able to send malicious script through the query parameter in construct to execute SQL queries on the target system via /upload/localhost...

CVSS: 8.1, AI score: 8.6, EPSS: 0.00285
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB
added 2022/05/24 3:15 a.m., 1 view

CVE-2022-29305

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...

CVSS: 8.1, AI score: 6, EPSS: 0.00285
Exploits: 1, References: 2

NVD
added 2022/05/24 3:15 a.m., 8 views

CVE-2022-29305

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...

CVSS: 8.1, EPSS: 0.00285
Exploits: 1, References: 1

CVE
added 2022/05/24 2:10 a.m., 73 views

CVE-2022-29305

CVE-2022-29305 concerns imgurl v2.31, which has a Blind SQL injection vulnerability located at /upload/localhost. Multiple connected sources describe the issue as an SQL injection stemming from unsanitized input in the upload handling (e.g., Veracode notes exploitation via the query parameter in ...

CVSS: 8.1, AI score: 8.3, EPSS: 0.00285
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/05/24 2:10 a.m., 13 views

CVE-2022-29305

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...

AI score: 8.7, EPSS: 0.00285
Exploits: 1, References: 1

CNNVD
added 2022/05/24 12:0 a.m., 2 views

imgurl SQL injection vulnerability

imgurl is an image-hosting application developed using PHP and SQLite 3. imgurl version v2.3.1 is vulnerable to SQL injection. The vulnerability originates in /upload/localhost, where the IP is concatenated directly into the SQL statement, and can be exploited by attackers to cause SQL injection attacks...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00285
Exploits: 1, References: 2

ATTACKERKB
added 2022/05/23 5:16 p.m., 1 view

CVE-2022-30016

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=systeminfo...

CVSS: 8.8, AI score: 5.9, EPSS: 0.0031
Exploits: 1, References: 3

OSV
added 2022/05/23 5:16 p.m., 1 view

CVE-2022-30016

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=systeminfo...

CVSS: 8.8, AI score: 7.3
Exploits: 0, References: 2

Cvelist
added 2022/05/23 4:59 p.m., 14 views

CVE-2022-30016

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=systeminfo...

AI score: 8.9, EPSS: 0.0031
Exploits: 1, References: 2

GithubExploit
added 2022/05/16 9:15 a.m., 182 views

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 CVE-2022-30525 POC exploit Usage shell u...

CVSS: 10, AI score: 9.2, EPSS: 0.94445
Exploits: 25

RedhatCVE
added 2022/05/14 11:39 a.m., 41 views

CVE-2020-8558

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...

CVSS: 5.8, AI score: 8.3, EPSS: 0.20149
Exploits: 5, References: 4

OSV
added 2022/05/13 1:8 a.m., 28 views

GHSA-WQ4C-WM6X-JW44 Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding

Withdrawn Advisory This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem. Original Descriptio...

CVSS: 8.8, AI score: 8.3, EPSS: 0.01501
Exploits: 0, References: 5

Veracode
added 2022/04/22 7:26 p.m., 26 views

Server-side Request Forgery (SSRF)

asterisk is vulnerable to server-side request forgery. When using STIR/SHAKEN, an attacker can send arbitrary requests to the interfaces such as localhost by using the Identity header...

CVSS: 9.1, AI score: 2.6, EPSS: 0.01464
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2022/04/15 5:15 a.m., 0 views

DEBIAN-CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

CVSS: 9.1, AI score: 8.6, EPSS: 0.01464
Exploits: 0, References: 1

OSV
added 2022/04/15 5:15 a.m., 41 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

CVSS: 9.1, AI score: 1.6
Exploits: 0, References: 5

ATTACKERKB
added 2022/04/15 5:15 a.m., 2 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

CVSS: 9.1, AI score: 7.3, EPSS: 0.01464
Exploits: 0, References: 6

Prion
added 2022/04/15 5:15 a.m., 23 views

Server-side request forgery (SSRF)

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

CVSS: 6.4, AI score: 8.8, EPSS: 0.01464
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2022/04/15 5:15 a.m., 0 views

UBUNTU-CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

CVSS: 9.1, AI score: 5.9, EPSS: 0.01464
Exploits: 0, References: 6

CNNVD
added 2022/04/15 12:0 a.m., 2 views

Asterisk code issue vulnerability

Asterisk is software for a PBX system that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 19.x and prior versions of STIR/SHAKEN contain a security vulnerability that originates from the ability to send arbitrary requests (e.g., GET) to interfaces such as...

CVSS: 9.1, AI score: 8.1, EPSS: 0.01464
Exploits: 0, References: 10

Debian CVE
added 2022/04/15 12:0 a.m., 42 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

CVSS: 9.1, AI score: 8.6, EPSS: 0.01464
Exploits: 0