8 matches found

Cvelist
added 2026/01/08 5:13 p.m. · 16 views

CVE-2026-22235 OPEXUS eComplaint IDOR

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...

8.7 CVSS · 0.00019 EPSS
Exploits 0 · References 2
OSV
added 2025/12/28 11:15 a.m. · 0 views

CVE-2025-15132

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

8.8 CVSS · 5.7 AI score
Exploits 0 · References 4
Positive Technologies
added 2025/12/28 12:0 a.m. · 1 views

PT-2025-53647

Name of the Vulnerable Software and Affected Versions: ZSPACE Z4Pro+ version 1.0.0440024 Description: A flaw exists in ZSPACE Z4Pro+ that allows for command injection. The issue is located within the zfilev2 api open function, accessible through the /v2/file/safe/open endpoint of the HTTP POST...

6.5 CVSS · 6.9 AI score · 0.00166 EPSS
Exploits 1 · References 8
EUVD
added 2025/12/06 12:31 a.m. · 2 views

EUVD-2025-201501

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

9 CVSS · 6.4 AI score · 0.01217 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/10/15 1:19 a.m. · 1 views

CVE-2023-7311 BYTEVALUE Intelligent Flow Control Router Command Injection

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...

9.3 CVSS · 8.1 AI score · 0.00296 EPSS
Exploits 0 · References 4
CVE
added 2025/10/15 1:19 a.m. · 9 views

CVE-2023-7311

CVE-2023-7311 affects the BYTEVALUE Intelligent Flow Control Router. A command-injection flaw exists in the /goform/webRead/open endpoint where the unvalidated path parameter is echoed into a shell, enabling arbitrary shell command execution. This can lead to writing backdoors, host privilege esc...

9.3 CVSS · 8.1 AI score · 0.00296 EPSS
In wild · Exploits 0 · References 4
OSV
added 2025/04/02 10:36 p.m. · 4 views

GHSA-C9PR-Q8GX-3MGP Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`

Impact: The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener, e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...

9.3 CVSS · 8.4 AI score · 0.02401 EPSS
Exploits 1 · References 4
Positive Technologies
added 2018/06/13 12:0 a.m. · 2 views

PT-2018-10962 · Sensiolabs · Symfony

Name of the Vulnerable Software and Affected Versions: SensioLabs Symfony version 3.3.6 Description: A reflected cross-site scripting (XSS) issue exists in the web profiler, allowing remote attackers to inject arbitrary web script or HTML via the file parameter in a profiler/open?file= URI. The...

6.1 CVSS · 6.5 AI score · 0.00287 EPSS
Exploits 2 · References 11