2571 matches found

CVE
added 2025/11/20 12:0 a.m., 8 views

CVE-2025-60738

Affected product/versions: Ilevia EVE X1 Server Firmware v4.7.18.0.eden and prior, with Logic v6.00 - 2025_07_21 and before. Vulnerability: remote code execution via the ping.php component due to inadequate filtering of IP parameters, enabling arbitrary code execution. Impact: high impact (critic...

CVSS 9.8, AI score 7.6, EPSS 0.009
Exploits 2, References 1, Affected Software 1
OSV
added 2025/11/19 8:15 p.m., 0 views

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution RCE due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

CVSS 9.8, AI score 6, EPSS 0.00499
Exploits 1, References 3
Vulnrichment
added 2025/11/19 12:0 a.m., 4 views

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution RCE due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

AI score 7.5, EPSS 0.00499
Exploits 1, References 3
Tenable Nessus
added 2025/11/19 12:0 a.m., 3 views

Fortinet FortiManager Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a...

CVSS 5.9, AI score 7.2, EPSS 0.62365
Exploits 4, References 3
CNNVD
added 2025/11/19 12:0 a.m., 2 views

QVidium Opera11 security vulnerability

QVidium Opera11 is a broadcast codec device from QVidium Corporation, USA. A security vulnerability exists in QVidium Opera11 version 2.9.0-Ax4x-opera11, which originates from improper validation of /cgi-bin/netping.cgi endpoint inputs and could lead to remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.00499
Exploits 1, References 4
CVE
added 2025/11/19 12:0 a.m., 10 views

CVE-2025-63213

The CVE-2025-63213 issue affects QVidium Opera11 firmware 2.9.0-Ax4x-opera11. The vulnerability is an RCE caused by improper input validation on /cgi-bin/net_ping.cgi, allowing a crafted GET request to inject commands that execute with root privileges. Impact is full device control as described i...

CVSS 9.8, AI score 7.5, EPSS 0.00499
Exploits 1, References 3, Affected Software 1
Positive Technologies
added 2025/11/19 12:0 a.m., 3 views

PT-2025-47525

Name of the Vulnerable Software and Affected Versions QVidium Opera11 firmware version 2.9.0-Ax4x-opera11 Description The QVidium Opera11 device is susceptible to Remote Code Execution RCE because of inadequate input validation. An attacker can exploit this by sending a crafted GET request to the...

AI score 7.6, EPSS 0.00499
Exploits 1, References 5
RedhatCVE
added 2025/11/18 10:49 p.m., 5 views

CVE-2025-13304

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

CVSS 9, AI score 7.3, EPSS 0.00587
Exploits 1, References 1
Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2025-47255

Name of the Vulnerable Software and Affected Versions Permalinks Cascade plugin for WordPress versions up to and including 2.2 Description The Permalinks Cascade plugin for WordPress does not properly verify user authorization when performing certain actions. Specifically, the...

CVSS 4.3, AI score 6.2, EPSS 0.00034
Exploits 0, References 5
Cvelist
added 2025/11/17 10:32 p.m., 9 views

CVE-2025-13304 D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

CVSS 9, EPSS 0.00587
Exploits 1, References 9
EUVD
added 2025/11/17 10:32 p.m., 3 views

EUVD-2025-197897

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

CVSS 9, AI score 6.9, EPSS 0.00587
Exploits 1, References 11
Positive Technologies
added 2025/11/14 12:0 a.m., 4 views

PT-2026-1239

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the s390/fpu component related to false-positive Kernel Memory Sanitizer KMSAN reports within the fpu vstl function. This occurs because the 'vstl'...

CVSS 9.8, AI score 6.5, EPSS 0.00249
Exploits 1, References 419
Tenable Nessus
added 2025/11/12 12:0 a.m., 2 views

EulerOS 2.0 SP10 : iputils (EulerOS-SA-2025-2389)

According to the versions of the iputils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ping in iputils before 20250602 allows a denial of service application error or incorrect data collection via a crafted ICMP Echo Reply packet,...

CVSS 6.5, AI score 6.6, EPSS 0.00508
Exploits 1, References 3
VulnCheck KEV
added 2025/11/10 12:0 a.m., 6 views

VulnCheck KEV: CVE-2023-3606

A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 8.8, AI score 5.4, EPSS 0.00856
In wild, Exploits 1, References 63
RedhatCVE
added 2025/11/07 9:53 p.m., 5 views

CVE-2025-64327

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.7, EPSS 0.00064
Exploits 1, References 1
NVD
added 2025/11/06 9:15 p.m., 3 views

CVE-2025-64327

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, EPSS 0.00064
Exploits 1, References 3
OSV
added 2025/11/06 9:7 p.m., 2 views

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.8, EPSS 0.00064
Exploits 1, References 5
Vulnrichment
added 2025/11/06 9:7 p.m., 3 views

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.3, EPSS 0.00064
Exploits 1, References 3
CVE
added 2025/11/06 9:7 p.m., 6 views

CVE-2025-64327

CVE-2025-64327 affects ThinkDashboard (Go + JavaScript) and is caused by a blind SSRF in the /api/ping?url= endpoint in versions 0.6.7 and earlier. An attacker can cause the application to perform arbitrary requests to internal or external hosts, potentially revealing local network topology and o...

CVSS 5.3, AI score 6.3, EPSS 0.00064
Exploits 1, References 3, Affected Software 1
EUVD
added 2025/11/06 9:7 p.m., 1 view

EUVD-2025-38186

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.2, EPSS 0.00064
Exploits 1, References 3