
7211 matches found

OSV
added 2022/09/19 4:15 p.m. · 29 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

CVSS 9.8 · AI score 7.3 · EPSS 0.99521
Exploits 13 · References 8
ATTACKERKB
added 2022/09/19 12:0 a.m. · 51 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Recent assessments: Assessed Attacker Value: 0...

CVSS 9.8 · AI score 2.2 · EPSS 0.99521
In wild · Exploits 13 · References 8
Vulnrichment
added 2022/09/19 12:0 a.m. · 8 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

AI score 9.8 · EPSS 0.99521
Exploits 13 · References 7
CVE
added 2022/09/19 12:0 a.m. · 1074 views

CVE-2022-35914

CVE-2022-35914 affects GLPI’s htmlawed integration via htmLawedTest.php, enabling PHP code injection. Exploit PoCs exist (PoC scripts and reports in Exploit-DB and GitHub repos) demonstrating remote code execution potential. CVSS v3.1 base score 9.8 (C/H I/H A/H) with network attack vector and no...

CVSS 9.8 · AI score 9.6 · EPSS 0.99521
In wild · Exploits 13 · References 8 · Affected Software 1
Cvelist
added 2022/09/19 12:0 a.m. · 37 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

AI score 9.9 · EPSS 0.99521
Exploits 13 · References 7
OSV
added 2022/09/07 12:1 a.m. · 20 views

GHSA-JJ62-MC3M-J769 FeehiCMS has an arbitrary file upload vulnerability

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.7 · EPSS 0.01036
Exploits 1 · References 5
Github Security Blog
added 2022/09/07 12:1 a.m. · 17 views

FeehiCMS has an arbitrary file upload vulnerability

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.4 · EPSS 0.01036
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/09/06 7:15 p.m. · 15 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.7
Exploits 0 · References 1
NVD
added 2022/09/06 7:15 p.m. · 6 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · EPSS 0.01036
Exploits 1 · References 1
Prion
added 2022/09/06 7:15 p.m. · 16 views

Design/Logic Flaw

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 7.5 · AI score 9.6 · EPSS 0.01036
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/09/06 6:8 p.m. · 63 views

CVE-2020-21516

FeehiCMS 2.0.8 contains an arbitrary file upload vulnerability in the head image/avatar upload pathway, enabling attackers to execute PHP code on the server. The issue is documented across multiple sources (including Red Hat, Veracode, GHSA, OSV, and NVD) with CVSS v3.1 base score 9.8 (CRITICAL, ...

CVSS 9.8 · AI score 9.6 · EPSS 0.01036
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/09/06 6:8 p.m. · 11 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...

AI score 9.7 · EPSS 0.01036
Exploits 1 · References 1
Vulnrichment
added 2022/09/06 5:18 p.m. · 6 views

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

CVSS 7.5 · AI score 8.6 · EPSS 0.0118
Exploits 0 · References 4
WPVulnDB
added 2022/09/05 12:0 a.m. · 17 views

Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload

The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file. PoC: POST /wp-admin/admin-ajax.php...

CVSS 8.8 · AI score 0.5 · EPSS 0.00457
Exploits 2 · References 1 · Affected Software 1
ATTACKERKB
added 2022/08/16 8:15 a.m. · 2 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

CVSS 8.8 · AI score 5.9 · EPSS 0.01218
Exploits 0 · References 4 · Affected Software 1
NVD
added 2022/08/16 8:15 a.m. · 15 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

CVSS 8.8 · EPSS 0.01218
Exploits 0 · References 3
Prion
added 2022/08/16 8:15 a.m. · 12 views

Design/Logic Flaw

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

CVSS 6.5 · AI score 8.6 · EPSS 0.01218
Exploits 0 · References 3 · Affected Software 2
Cvelist
added 2022/08/16 7:1 a.m. · 18 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

AI score 8.8 · EPSS 0.01218
Exploits 0 · References 3
Positive Technologies
added 2022/08/16 12:0 a.m. · 3 views

PT-2022-22647 · Unknown · Solarview Compact Sv-Cpt-Mc310

Name of the Vulnerable Software and Affected Versions: SolarView Compact SV-CPT-MC310 versions 7.23 and earlier; SolarView Compact SV-CPT-MC310F versions 7.23 and earlier. Description: The image file management page contains an insufficient verification issue when uploading files. This can be...

CVSS 8.8 · AI score 8.7 · EPSS 0.01218
Exploits 0 · References 5
OSV
added 2022/08/15 12:15 p.m. · 15 views

CVE-2022-36262

An issue was discovered in taocms 3.0.2 in the website settings that allows arbitrary PHP code to be injected by modifying config.php...

CVSS 9.8 · AI score 7
Exploits 0 · References 4