Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1344 matches found

NVD
NVDadded 3 days ago6 views

CVE-2026-31978

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS0.00418EPSS
Exploits0References2
CVE
CVEadded 3 days ago10 views

CVE-2026-31978

Summary: CVE-2026-31978 affects motionEye (pre-0.44.0). A path traversal flaw in the picture/movie preview endpoints (/picture/{id}/preview/{filename}) allows an authenticated, non-admin user to read arbitrary files on the host filesystem via the get_media_preview() path, since it doesn’t check f...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 4 days ago8 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 4 days ago7 views

PT-2026-51644

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description An absolute path traversal issue exists in multiple media file handlers within the media playback and download functionality. The affected handlers accept a user-controlled filename parameter and...

8.7CVSS6AI score0.00623EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 5 days ago5 views

motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2Affected Software1
NVD
NVDadded 2026/06/19 4:16 p.m.9 views

CVE-2017-20266

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/06/19 4:4 p.m.5 views

CVE-2017-20266

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/06/19 4:4 p.m.11 views

CVE-2017-20266

CVE-2017-20266 affects Joomla SP Movie Database 1.3. The issue is an SQL injection in the searchword parameter of the searchresults view, enabling unauthenticated attackers to execute arbitrary SQL queries and extract sensitive database information via crafted GET requests. No remediation or expl...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/06/19 4:4 p.m.30 views

CVE-2017-20266 Joomla SP Movie Database 1.3 SQL Injection via searchword

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/06/19 12:0 a.m.10 views

PT-2026-50943

Name of the Vulnerable Software and Affected Versions Joomla SP Movie Database version 1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the searchword parameter when sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/06/15 12:0 p.m.5 views

CVE-2016-20078 WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS5.4AI score0.00688EPSS
Exploits0References3
CVE
CVEadded 2026/06/15 12:0 p.m.14 views

CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion (LFI) vulnerability in pic.php that allows unauthenticated attackers to read arbitrary files via directory traversal in the URL. The impact includes potential exposure of sensitive data such as wp-config.php. CVSS metrics present...

6.9CVSS5.5AI score0.00688EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/05 7:49 p.m.10 views

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00259EPSS
Exploits0References1
CVE
CVEadded 2026/06/01 12:0 a.m.16 views

CVE-2025-60485

GPAC MP4Box contains a segmentation fault in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) that can crash the process when parsing a crafted MP4 file, affecting versions before 26.02.0. The issue is a DoS vulnerability caused by a fault in tag handling. The available references c...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/09 6:30 a.m.7 views

EUVD-2026-20856

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.4AI score0.00259EPSS
Exploits0References6
NVD
NVDadded 2026/04/09 5:16 a.m.9 views

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00259EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/09 5:0 a.m.2 views

CVE-2026-5847 code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.4AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/09 5:0 a.m.1 views

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.4AI score0.00259EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2026/04/09 5:0 a.m.12 views

CVE-2026-5847

Code-projects Movie Ticketing System 1.0 is affected by CVE-2026-5847. The vulnerability resides in the SQL Database Backup File Handler, specifically manipulation of the /db/moviedb.sql file, which can lead to information disclosure. It is exploitable remotely over the network, with a public exp...

5.3CVSS5.4AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/09 5:0 a.m.22 views

CVE-2026-5847 code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00259EPSS
Exploits0References5
Rows per page
Query Builder