
1365 matches found

NVD
added 2026/03/05 8:15 a.m. | 5 views

CVE-2026-2893

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta_key value and insufficient preparation on the existing SQL...

CVSS 6.5 | EPSS 0.00038
Exploits 0 | References 4
CVE
added 2026/03/05 7:30 a.m. | 12 views

CVE-2026-2893

CVE-2026-2893 : The Page and Post Clone plugin for WordPress is vulnerable to a SQL Injection via the meta_key parameter in the content_clone() function in all versions up to and including 6.3. The issue stems from insufficient escaping of the user-supplied meta_key value and inadequate preparati...

CVSS 6.5 | AI score 6 | EPSS 0.00038
Exploits 0 | References 4
ATTACKERKB
added 2026/03/05 7:30 a.m. | 4 views

CVE-2026-2893

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta_key value and insufficient preparation on the existing SQL...

CVSS 6.5 | AI score 6 | EPSS 0.00038
Exploits 0 | References 5
OSV
added 2026/03/04 4:37 p.m. | 3 views

CLSA-2026-1772642268 libtiff: Fix of CVE-2025-61145

CVE-2025-61145: fix double free in tiffcrop; add pointer validation and guard against second free...

CVSS 5.5 | AI score 5.8 | EPSS 0.00015
Exploits 1 | References 1
Github Security Blog
added 2026/03/02 9:40 p.m. | 7 views

OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

Summary: The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification W3C Web Authentication Level 2, §13.4.3...

CVSS 9 | AI score 6 | EPSS 0.00066
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22998

Name of the Vulnerable Software and Affected Versions: OneUptime versions 10.0.11 and prior. Description: The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during...

CVSS 9 | AI score 6 | EPSS 0.00066
Exploits 1 | References 11
Packet Storm
added 2026/02/26 12:0 a.m. | 102 views

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern version 4.9.0 suffers from a cross site scripting vulnerability. Title: Textpattern 4.9.0 Second-Order XSS via Atom Feed Injection | Autho...

AI score 5
Exploits 0
ATTACKERKB
added 2026/02/24 9:15 p.m. | 2 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVSS 7.5 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 7 | Affected Software 1
ATTACKERKB
added 2026/02/24 9:5 p.m. | 1 views

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVSS 7.5 | AI score 5.9 | EPSS 0.00082
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2026/02/22 1:25 p.m. | 5 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | AI score 6.3 | EPSS 0.00013
Exploits 2 | References 1
GithubExploit
added 2026/02/21 5:5 p.m. | 160 views

Exploit for CVE-2026-27470

CVE-2026-27470 — ZoneMinder Second-Order SQL Injection...

CVSS 8.8 | AI score 6.2 | EPSS 0.00013
Exploits 2
NVD
added 2026/02/21 8:16 a.m. | 6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | EPSS 0.00013
Exploits 2 | References 4
OSV
added 2026/02/21 8:16 a.m. | 2 views

UBUNTU-CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | AI score 6.1 | EPSS 0.00013
Exploits 2 | References 6
CVE
added 2026/02/21 8:5 a.m. | 63 views

CVE-2026-27470

ZoneMinder (versions 1.36.37 and earlier; 1.37.61–1.38.0) contains a second‑order SQL Injection in web/ajax/status.php:getNearEvents(). Although event fields Name and Cause are stored via parameterized queries, they are concatenated into SQL WHERE clauses without escaping, allowing an authenticat...

CVSS 8.8 | AI score 6.4 | EPSS 0.00013
Exploits 2 | References 4 | Affected Software 1
Cvelist
added 2026/02/21 8:5 a.m. | 18 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | EPSS 0.00013
Exploits 2 | References 4
AlpineLinux
added 2026/02/21 8:5 a.m. | 4 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | AI score 6.4 | EPSS 0.00013
Exploits 2 | References 4
OSV
added 2026/02/21 8:5 a.m. | 2 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | AI score 6.4 | EPSS 0.00013
Exploits 2 | References 6
Vulnrichment
added 2026/02/21 8:5 a.m. | 4 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | AI score 6.2 | EPSS 0.00013
Exploits 2 | References 4
RedhatCVE
added 2026/02/21 1:31 a.m. | 8 views

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

CVSS 5.3 | AI score 6.1 | EPSS 0.00065
Exploits 1 | References 1
CNNVD
added 2026/02/21 12:0 a.m. | 7 views

ZoneMinder SQL Injection Vulnerability

ZoneMinder is an open-source video monitoring software system developed by ZoneMinder. This system supports IP, USB, and analog cameras. Versions of ZoneMinder prior to 1.36.37, as well as versions 1.37.61 to 1.38.0, have a SQL injection vulnerability. This vulnerability stems from the...

CVSS 8.8 | AI score 6.1 | EPSS 0.00013
Exploits 2 | References 4