
547 matches found

CVE
added 2026/06/09 4:48 p.m. | 12 views

CVE-2026-48288

CVE-2026-48288 affects Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue is an Improper Input Validation vulnerability that can result in a security feature bypass. A low-privileged attacker could bypass security controls and gain unauthorized write access. ...

CVSS 3.5 | AI score 5.4 | EPSS 0.0041
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/06/04 12:0 a.m. | 9 views

PT-2026-46795

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 3
Cvelist
added 2026/05/20 10:54 p.m. | 27 views

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

CVSS 4.6 | EPSS 0.00132
Exploits: 0 | References: 3
NCSC
added 2026/05/13 9:23 a.m. | 8 views

Vulnerabilities that can be addressed in Adobe Connect

Adobe has identified vulnerabilities in Adobe Connect versions 2025.9.15, 2025.8.157, and earlier versions. These vulnerabilities allow attackers to execute arbitrary code on the affected system. This can occur when users interact with malicious URLs or compromised web pages. The first...

CVSS 9.6 | AI score 6.3 | EPSS 0.00635
Exploits: 0 | References: 1
EUVD
added 2026/05/12 9:31 p.m. | 9 views

EUVD-2026-29780

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing. are affected by an Improper Input...

CVSS 3.4 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 2
RedHat Linux
added 2026/04/27 2:0 a.m. | 5 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

CVSS 4.3 | AI score 4.8 | EPSS 0.00276
Exploits: 0 | References: 5
RedHat Linux
added 2026/03/23 3:40 p.m. | 5 views

gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of ICO files. A remote attacker can exploit this by convincing a user to open a malicious file or visit a malicious web page, leading to arbitrary code execution. The issue is due to a lack of...

CVSS 7.8 | AI score 7.5 | EPSS 0.00662
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/23 3:37 p.m. | 1 views

gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of ICO files. A remote attacker can exploit this by convincing a user to open a malicious file or visit a malicious web page, leading to arbitrary code execution. The issue is due to a lack of...

CVSS 7.8 | AI score 7.5 | EPSS 0.00662
Exploits: 0 | References: 6
NVD
added 2026/03/16 2:17 p.m. | 4 views

CVE-2013-20005

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

CVSS 6.9 | EPSS 0.00232
Exploits: 1 | References: 3
ATTACKERKB
added 2026/02/20 11:10 p.m. | 4 views

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

CVSS 7.1 | AI score 5.9 | EPSS 0.00174
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/02/05 12:0 a.m. | 6 views

PT-2026-6587

Name of the Vulnerable Software and Affected Versions: HRSALE version 1.1.8. Description: HRSALE version 1.1.8 is susceptible to a cross-site request forgery condition. This allows attackers to add unauthorized administrative users via the employee registration form. An attacker can create a malicio...

CVSS 5.1 | AI score 5.2 | EPSS 0.00156
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 9:35 a.m. | 6 views

CVE-2024-34577

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web...

CVSS 6.1 | AI score 7.3 | EPSS 0.00237
Exploits: 0 | References: 1
NVD
added 2025/12/24 8:15 p.m. | 7 views

CVE-2018-25150

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...

CVSS 5.3 | EPSS 0.00136
Exploits: 1 | References: 2
NVD
added 2025/12/16 5:16 a.m. | 3 views

CVE-2025-59479

CHOCO TEI WATCHER mini IB-MCT001 contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product...

CVSS 6.1 | EPSS 0.00159
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/10 9:16 p.m. | 4 views

CVE-2021-47730

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

CVSS 8.5 | AI score 6.8 | EPSS 0.00213
Exploits: 1 | References: 1
CVE
added 2025/12/10 9:4 p.m. | 15 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 is affected by a cross-site request forgery that allows creation of administrative users via an attacker-crafted page. The root cause is insufficient request validation in the user-management flow, enabling an authenticated user to be coerced into submitt...

CVSS 8.8 | AI score 6.4 | EPSS 0.00224
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/12/10 12:0 a.m. | 6 views

PT-2025-50522

Name of the Vulnerable Software and Affected Versions: UBICOD Medivision Digital Signage version 1.5.1. Description: The software contains a cross-site request forgery issue that allows attackers to create administrative user accounts without proper request validation. Attackers can create a malicio...

CVSS 8.8 | AI score 6.5 | EPSS 0.00255
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-7735

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.01224
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-0208

Malware in sbrugna...

CVSS 7.6 | AI score 6.4 | EPSS 0.02083
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-24582

Malware in sbrugna...

CVSS 6.1 | AI score 4.8 | EPSS 0.00843
Exploits: 0 | References: 2