Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

37 matches found

RedhatCVE
RedhatCVEadded 2025/09/06 5:21 p.m.4 views

CVE-2025-26455

In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.3AI score0.00091EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/09/04 12:0 a.m.5 views

PT-2025-36024

Name of the Vulnerable Software and Affected Versions: NdkMediaCodec affected versions not specified Description: Multiple functions within NdkMediaCodec.cpp may experience an out-of-bounds write due to a heap buffer overflow. Successful exploitation of this issue could lead to local privilege...

7.8CVSS6.6AI score0.00091EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/23 3:57 a.m.5 views

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS7.6AI score0.49604EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2025/05/22 11:40 p.m.4 views

CVE-2022-40841

A cross-site scripting XSS vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter...

6.1CVSS5.7AI score0.00499EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 11:36 p.m.4 views

CVE-2022-40842

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery SSRF via rotateimg.php...

9.1CVSS9.2AI score0.00812EPSS
Exploits1References1
GithubExploit
GithubExploitadded 2024/06/28 3:53 p.m.482 views

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found here...

7.8CVSS8AI score0.00507EPSS
Exploits3
VulnCheck KEV
VulnCheck KEVadded 2024/06/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS5.9AI score0.49604EPSS
Exploits0References1
OSV
OSVadded 2023/10/25 6:17 p.m.5 views

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS5.8AI score0.49604EPSS
Exploits0References1
NVD
NVDadded 2023/10/25 6:17 p.m.20 views

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS9.9AI score0.49604EPSS
Exploits0References1
Prion
Prionadded 2023/10/25 6:17 p.m.16 views

Sql injection

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

7.5CVSS9.7AI score0.49604EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2023/10/25 12:0 a.m.10 views

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

7.6AI score0.49604EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/10/25 12:0 a.m.25 views

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

10AI score0.49604EPSS
Exploits0References1
CVE
CVEadded 2023/10/25 12:0 a.m.70 views

CVE-2023-46347

The CVE-2023-46347 entry concerns the PrestaShop module ndk_steppingpack (Step by Step products Pack) up to version 1.5.6. Affected component: NdkSpack::getPacks() performs sensitive SQL calls, enabling unauthenticated SQL injection via a trivial HTTP request. Impact is high (CVE metrics list Con...

9.8CVSS9.7AI score0.49604EPSS
In wildExploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2023/10/24 12:0 a.m.7 views

PT-2023-29968 · Unknown · Ndk Steppingpack

Name of the Vulnerable Software and Affected Versions: ndk steppingpack versions 1.5.6 and before Description: The issue allows a guest to perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL...

9.8CVSS8.5AI score0.49604EPSS
Exploits0References4
GithubExploit
GithubExploitadded 2023/06/29 6:56 p.m.168 views

Exploit for Use After Free in Arm Avalon_Gpu_Kernel_Driver

Exploit for CVE-2022-46395 to run on FireTV 2nd gen Cube Thi...

8.8CVSS8.9AI score0.02681EPSS
Exploits4
GithubExploit
GithubExploitadded 2023/06/29 6:54 p.m.165 views

Exploit for Use After Free in Arm Avalon_Gpu_Kernel_Driver

Exploit for CVE-2022-46395 to run on FireTV 3rd gen Cube Thi...

8.8CVSS8.9AI score0.02681EPSS
Exploits4
GithubExploit
GithubExploitadded 2023/04/13 1:25 p.m.619 views

Exploit for Use After Free in Arm Bifrost_Gpu_Kernel_Driver

Exploit for CVE-2022-38181 to run on FireTV 3rd gen Cube Thi...

8.8CVSS9AI score0.12588EPSS
Exploits4
GithubExploit
GithubExploitadded 2023/04/13 1:19 p.m.376 views

Exploit for Use After Free in Arm Bifrost_Gpu_Kernel_Driver

Exploit for CVE-2022-38181 for FireTV 2nd gen Cube This is a...

8.8CVSS8.9AI score0.12588EPSS
Exploits4
OSV
OSVadded 2022/11/22 1:15 a.m.3 views

CVE-2022-40842

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery SSRF via rotateimg.php...

9.1CVSS5.8AI score0.00812EPSS
Exploits1References2
CNNVD
CNNVDadded 2022/11/22 12:0 a.m.2 views

NdkAdvancedCustomizationFields 代码问题漏洞

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...

9.1CVSS6.8AI score0.00812EPSS
Exploits1References3
Rows per page
Query Builder