10 matches found

NVD
added 2026/02/27 6:16 p.m. | 3 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

CVSS 8.8 | EPSS 0.00098
Exploits: 1 | References: 3
Cvelist
added 2025/11/19 12:0 a.m. | 6 views

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

EPSS 0.00499
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-5540

Malware in sbrugna...

CVSS 5.5 | AI score 5.5 | EPSS 0.00115
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-47533

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.003
Exploits: 0 | References: 1
CNNVD
added 2025/04/03 12:0 a.m. | 2 views

insightsoftware Spark JDBC security vulnerability

insightsoftware Spark JDBC is a data connectivity driver from insightsoftware. It supports Spark access to multiple databases. A security vulnerability exists in insightsoftware Spark JDBC version 2.6.21, which stems from malicious parameter injection that could lead to remote code execution...

CVSS 8.8 | AI score 8.6 | EPSS 0.0119
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 2:51 a.m. | 2 views

CVE-2024-6433

The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshotpath parameter...

CVSS 7.5 | AI score 6.8 | EPSS 0.003
Exploits: 0 | References: 1
CVE
added 2024/12/11 10:16 p.m. | 45 views

CVE-2024-53274

Habitica (open‑source habit builder) is affected by CVE-2024-53274. The vulnerability is a reflected XSS in the /home context via the register function in home.vue, caused by an insufficient sanitization function. An attacker can abuse a malicious redirectTo parameter to execute arbitrary JavaScr...

CVSS 6.1 | AI score 5.7 | EPSS 0.00097
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2023/03/21 8:45 a.m. | 15 views

Cross-Site Scripting (XSS)

github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker is able to send AJAX requests on behalf of the victim through OAuth flow completion endpoints by sharing a crafted link with a malicious state parameter...

CVSS 6.1 | AI score 5.7 | EPSS 0.00626
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2021/03/05 12:45 a.m. | 15 views

Remote Code Execution

total.js is vulnerable to remote code execution. The vulnerability exists in set of utils.js, which does not validate a malicious parameter that is injected and executed by a malicious user...

CVSS 9.8 | AI score 3 | EPSS 0.12679
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2018/02/20 3:29 p.m. | 15 views

Cross site scripting

DISPUTED Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts -...

CVSS 3.5 | AI score 5.2 | EPSS 0.00157
Exploits: 3 | References: 1 | Affected Software: 1