Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2286 matches found

NVD
NVDadded 2025/10/31 7:15 p.m.2 views

CVE-2025-62267

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS0.0003EPSS
Exploits0References1
CVE
CVEadded 2025/10/31 6:12 p.m.6 views

CVE-2025-62267

CVE-2025-62267 describes multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.35–7.4.3.111 and Liferay DXP 2023.Q3/Q4 releases, triggered through the web content template’s select structure page. The root cause is improper handling of user input in the First Name, Middle Na...

6.1CVSS5.4AI score0.0003EPSS
Exploits0References1Affected Software2
NVD
NVDadded 2025/10/24 4:21 p.m.5 views

CVE-2025-60555

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode...

7.5CVSS0.00108EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/10/24 2:14 a.m.2 views

Malicious code in react-modal-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f83da8504c0563910980ac20ded60f00f0dcec4e105148e06d6115d0596162b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
EUVD
EUVDadded 2025/10/24 2:14 a.m.1 views

EUVD-2025-35749

Malicious code in react-modal-select npm...

6.6AI score
Exploits0References1
OSV
OSVadded 2025/10/24 2:14 a.m.1 views

MAL-2025-48583 Malicious code in react-modal-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f83da8504c0563910980ac20ded60f00f0dcec4e105148e06d6115d0596162b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snykadded 2025/10/24 2:14 a.m.3 views

Malicious Package

Overview react-modal-select is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/10/23 7:35 p.m.2 views

Malicious code in img-region-select-app (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSVadded 2025/10/23 7:35 p.m.1 views

MAL-2025-48845 Malicious code in img-region-select-app (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
CVE
CVEadded 2025/10/22 1:23 p.m.7 views

CVE-2023-53725

CVE-2023-53725 affects the Linux kernel Cadence TTC clocksource driver, specifically the ttc_timer_probe path. The vulnerability is described as a memory leak caused by the base IO mapping not being released. The provided fixes replace the non-managed iomap usage with devm_of_iomap() and add clea...

6.1AI score0.00044EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2025/10/22 12:0 a.m.3 views

PT-2025-43403

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q2.0 through 2025.Q2.9 Liferay DXP versions 2025.Q1.0 through 2025.Q1.16 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3....

6.5CVSS6.5AI score0.00047EPSS
Exploits0References12
NVD
NVDadded 2025/10/07 1:15 p.m.6 views

CVE-2025-40887

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6.5CVSS0.00022EPSS
Exploits0References1
NVD
NVDadded 2025/10/07 1:15 p.m.1 views

CVE-2025-40888

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6.5CVSS0.00022EPSS
Exploits0References1
OSV
OSVadded 2025/10/07 1:15 p.m.1 views

CVE-2025-40887

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6.5CVSS6.1AI score
Exploits0References1
OSV
OSVadded 2025/10/07 1:15 p.m.1 views

CVE-2025-40888

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6.5CVSS6.1AI score0.00022EPSS
Exploits0References1
OSV
OSVadded 2025/10/07 1:15 p.m.1 views

CVE-2025-40885

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...

6.5CVSS6.1AI score0.00022EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:37 p.m.2 views

EUVD-2025-32871

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6CVSS7.5AI score0.00022EPSS
Exploits0References2
CVE
CVEadded 2025/10/07 12:35 p.m.5 views

CVE-2025-40885

CVE-2025-40885 is an authenticated SQL Injection vulnerability in Nozomi Networks Guardian/CMC Smart Polling functionality caused by improper input validation. An authenticated user with limited privileges can cause the DBMS to execute arbitrary SELECT statements, potentially exposing data. Affec...

6.5CVSS7.7AI score0.00022EPSS
Exploits0References1Affected Software2
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2009-2534

Malware in sbrugna...

7.8CVSS6.4AI score0.01227EPSS
Exploits6References8
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2006-1706

Malware in sbrugna...

2.1CVSS6.4AI score0.01113EPSS
Exploits0References10
Rows per page
Query Builder