Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Cvelist
Cvelistadded 2026/05/25 3:30 a.m.35 views

CVE-2026-9422 KLiK SocialMediaWebsite HTTP POST Request Parameter injection

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS0.00388EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/05/24 2:12 a.m.15 views

CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/12 2:27 a.m.6 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References1
CVE
CVEadded 2026/04/05 8:45 p.m.4 views

CVE-2019-25674

CMSsite 1.0 is affected by an SQL injection vulnerability in the post parameter that can be exploited via GET requests to post.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially extracting sensitive data or performing time-based blind SQL injection...

9.8CVSS6AI score0.00405EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/16 5:4 p.m.4 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/02/16 12:0 a.m.6 views

PT-2026-8366

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in paramete...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
CNVD
CNVDadded 2020/03/16 12:0 a.m.3 views

Chadha PHPKB Remote Code Execution Vulnerability

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A remote code execution vulnerability exists in admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker...

7.2CVSS8.2AI score0.04884EPSS
Exploits5References1
Rows per page
Query Builder