67 matches found

RedhatCVE
added 2026/01/09 10:21 a.m. | 9 views

CVE-2008-6279

RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...

CVSS 7.8 | AI score 6.5 | EPSS 0.02524
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2007-1960

Malware in sbrugna...

CVSS 9.1 | AI score 6.4 | EPSS 0.01073
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-24616

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01309
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-3047

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01324
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-18119

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01058
Exploits: 2 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-1947

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01406
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-1239

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00983
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-1943

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01423
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-1099

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01442
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-1945

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01406
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-1946

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01453
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-6249

Malware in sbrugna...

CVSS 7.8 | AI score 6.4 | EPSS 0.02524
Exploits: 1 | References: 5

CVE
added 2025/07/03 11:26 a.m. | 14 views

CVE-2025-27450

The CVE concerns Endress+Hauser MEAC300-FNADE4 where the Secure attribute is missing on cookies (e.g., PHPSESSID). This allows an attacker to lure a user into establishing an unencrypted HTTP connection and intercept session cookies, enabling session hijacking. Connected sources corroborate the i...

CVSS 6.5 | AI score 6.5 | EPSS 0.00247
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2025/07/03 11:26 a.m. | 6 views

CVE-2025-27450

The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie...

CVSS 6.5 | AI score 7.1 | EPSS 0.00247
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/22 9:25 p.m. | 13 views

CVE-2021-38143

An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when...

CVSS 6.1 | AI score 6 | EPSS 0.01309
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:17 a.m. | 5 views

CVE-2013-7387

Session fixation vulnerability in DataLife Engine DLE 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie...

CVSS 6.8 | AI score 7.1 | EPSS 0.04955
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 7:16 p.m. | 7 views

CVE-2007-1966

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie...

CVSS 9.1 | AI score 7 | EPSS 0.01073
Exploits: 0 | References: 1

OSV
added 2023/11/15 2:53 p.m. | 29 views

GHSA-72HH-XF79-429P Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

Summary: User input passed directly into an SQL statement allows non-admin backend users to execute arbitrary SQL statements. Details: The /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for at...

CVSS 8.8 | AI score 9.2 | EPSS 0.01218
Exploits: 1 | References: 6

NVD
added 2023/10/10 3:15 p.m. | 11 views

CVE-2023-30806

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

CVSS 9.8 | AI score 10 | EPSS 0.65799
Exploits: 1 | References: 3

Prion
added 2023/10/10 3:15 p.m. | 22 views

Command injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

CVSS 7.5 | AI score 9.9 | EPSS 0.65799
Exploits: 1 | References: 3 | Affected Software: 1