7 matches found

RedhatCVE
added 2025/05/22 10:32 a.m., 5 views

CVE-2019-14750

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

CVSS 6.1 | AI score 5.9 | EPSS 0.03353
Exploits: 4 | References: 1
Vulnrichment
added 2025/01/09 11:10 a.m., 5 views

CVE-2024-12222 Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter

The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | AI score 6 | EPSS 0.02566
Exploits: 0 | References: 3
Snyk
added 2023/06/22 11:31 a.m., 1 views

Arbitrary Argument Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass...

CVSS 6.9 | AI score 7.3 | EPSS 0.00041
Exploits: 0 | References: 2
OSV
added 2022/06/02 9:15 p.m., 1 views

CVE-2022-26867

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...

CVSS 8 | AI score 7.3 | EPSS 0.0029
Exploits: 0 | References: 1
OSV
added 2019/05/07 7:29 p.m., 1 views

CVE-2019-7687

cgi-bin/qcmapwebcgi on JioFi 4 jmr1140 AmtelJMR1140R12.07 devices has POST-based reflected XSS via the Page parameter. No sanitization is performed for user input data...

CVSS 6.1 | AI score 6.4 | EPSS 0.00627
Exploits: 3 | References: 5
BDU FSTEC
added 2017/12/14 12:0 a.m., 3 views

The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router allows a hacker to execute arbitrary commands.

The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router is related to the lack of measures for sanitizing incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the “DIAIPADDRESS” parameter, by...

CVSS 10 | AI score 5.9 | EPSS 0.49289
Exploits: 4 | References: 10 | Affected Software: 1
BDU FSTEC
added 2017/10/11 12:0 a.m., 4 views

The vulnerability of the “send and receive file” command handler in the Picocom terminal emulation software allows a hacker to execute any command they desire.

The vulnerability of the “send and receive file” command in the Picocom terminal emulation software lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by using /bin/sh to launch external commands...

CVSS 10 | AI score 8.2 | EPSS 0.1671
Exploits: 0 | References: 2 | Affected Software: 1