Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Packet Storm
Packet Stormadded 2026/05/05 12:0 a.m.27 views

📄 JuzaWeb CMS 3.4.2 Remote Code Execution

JuzaWeb CMS version 3.4.2 suffers from an authenticated remote code execution vulnerability. Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution Date: 2026-01-10 Exploit Author: Sardor Shoakbarov Author GitHub: https://github.com/TheDeepOpc Vendor Homepage: https://juzaweb.com/...

6.4AI score
Exploits0
Vulnrichment
Vulnrichmentadded 2026/04/24 12:8 a.m.4 views

CVE-2026-31953 Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

6.4CVSS5.5AI score0.00029EPSS
Exploits0References2
Metasploit
Metasploitadded 2026/02/24 6:57 p.m.212 views

Linux WSL via Startup Folder Persistence

This module establishes persistence by creating a payload in the windows startup folder from within the Windows Subsystem for Linux WSL environment. This allows for code execution on Windows user login. Verified on Windows 10 with Ubuntu 24.04 WSL distribution. Module Options msf use...

6.2AI score
Exploits0
CVE
CVEadded 2026/02/12 10:48 p.m.8 views

CVE-2019-25320

CVE-2019-25320 affects E Learning Script 1.0. The vulnerability is an authentication bypass in the login mechanism via the /login.php endpoint, where a crafted payload (e.g. "=' or '") allows an attacker to bypass valid credentials and access the dashboard. Per provided metrics, CVSS v3.1 base sc...

8.8CVSS5.5AI score0.00147EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/12 10:48 p.m.1 views

CVE-2019-25320 elearning-script 1.0 - Authentication Bypass

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

8.8CVSS5.5AI score0.00147EPSS
Exploits0References3
NVD
NVDadded 2026/01/13 11:15 p.m.1 views

CVE-2022-50892

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface...

9.8CVSS0.0022EPSS
Exploits1References3
EUVD
EUVDadded 2025/11/18 9:30 a.m.2 views

EUVD-2025-197952

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability...

7.2CVSS6.8AI score0.00056EPSS
Exploits0References2
Rows per page
Query Builder