179 matches found

Nuclei
added yesterday, 14 views

qdPM 9.1 - Cross-site Scripting

qdPM V9.1 is vulnerable to Cross Site Scripting XSS via qdPM\install\modules\databaseconfig.php. id: CVE-2020-19515 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM V9.1 is vulnerable to Cross Site Scripting XSS via...

CVSS 6.1, AI score 6.4, EPSS 0.04532
Exploits: 1, References: 3

Nuclei
added yesterday, 17 views

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

CVSS 6.1, AI score 6.4, EPSS 0.01939
Exploits: 5, References: 5

Nuclei
added 2 days ago, 135 views

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...

CVSS 7.5, AI score 7.1, EPSS 0.79304
Exploits: 1, References: 3

EUVD
added 2026/04/05 9:30 p.m., 0 views

EUVD-2019-20073

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

CVSS 8.8, AI score 6.1, EPSS 0.00042
Exploits: 1, References: 5

NVD
added 2026/04/05 9:16 p.m., 1 view

CVE-2019-25669

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

CVSS 8.8, EPSS 0.00042
Exploits: 1, References: 4

Cvelist
added 2026/04/05 8:45 p.m., 18 views

CVE-2019-25669 qdPM 9.1 SQL Injection via search_by_extrafields Parameter

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

CVSS 8.8, EPSS 0.00042
Exploits: 1, References: 4

ATTACKERKB
added 2026/04/05 8:45 p.m., 0 views

CVE-2019-25669

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

CVSS 8.8, AI score 6.1, EPSS 0.00042
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2026/04/05 8:45 p.m., 1 view

CVE-2019-25669

qdPM 9.1 is affected by an SQL injection vulnerability in the search_by_extrafields[] parameter. An attacker can craft malicious values and send POST requests to the users endpoint to trigger SQL syntax errors and exfiltrate database information. The issue arises from unvalidated input used in da...

CVSS 8.8, AI score 6.1, EPSS 0.00042
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/04/05 8:45 p.m., 0 views

CVE-2019-25669 qdPM 9.1 SQL Injection via search_by_extrafields Parameter

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

CVSS 8.8, AI score 6.1, EPSS 0.00042
Exploits: 1, References: 4

Positive Technologies
added 2026/04/05 12:00 a.m., 0 views

PT-2026-30478

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search by extrafields parameter. Attackers can send POST requests to the users endpoint with malicious search by extrafields values to trigger SQL syntax errors...

CVSS 8.8, AI score 6.1, EPSS 0.00042
Exploits: 1, References: 5

CNNVD
added 2026/04/05 12:00 a.m., 1 view

qdPM SQL Injection Vulnerability

qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the searchbyextrafields parameter, which could allow attackers to manipulate database queries and extrac...

CVSS 8.8, AI score 5.9, EPSS 0.00042
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/26 11:39 a.m., 0 views

CVE-2018-25208

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

CVSS 8.8, AI score 6.2, EPSS 0.00078
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/03/26 11:39 a.m., 0 views

CVE-2018-25208 qdPM 9.1 SQL Injection via filter_by Parameters

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

CVSS 8.8, AI score 6.2, EPSS 0.00078
Exploits: 1, References: 4

CVE
added 2026/03/26 11:39 a.m., 2 views

CVE-2018-25208

CVE-2018-25208 affects qdPM 9.1. It describes an SQL injection vulnerability in the timeReport endpoint where unauthenticated attackers can craft requests with filter_by[CommentCreatedFrom] and filter_by[CommentCreatedTo] to execute arbitrary SQL and retrieve data. The vulnerability is tied to th...

CVSS 8.8, AI score 6.2, EPSS 0.00078
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2026/03/26 11:39 a.m., 17 views

CVE-2018-25208 qdPM 9.1 SQL Injection via filter_by Parameters

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...

CVSS 8.8, EPSS 0.00078
Exploits: 1, References: 4

CNNVD
added 2026/03/26 12:00 a.m., 2 views

qdPM SQL Injection Vulnerability

qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability, which stems from insufficient input validation for the filterby parameter. This vulnerability may lead to SQL injection attacks...

CVSS 8.8, AI score 5.8, EPSS 0.00078
Exploits: 1, References: 4

RedhatCVE
added 2026/01/09 12:35 p.m., 6 views

CVE-2023-45856

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...

CVSS 9.8, AI score 8, EPSS 0.06593
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 12:34 p.m., 5 views

CVE-2023-45855

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...

CVSS 7.5, AI score 6.9, EPSS 0.79304
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-3919

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.7292
Exploits: 4, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-17780

Malware in sbrugna...

CVSS 6.1, AI score 6.2, EPSS 0.01939
Exploits: 5, References: 6