Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/04/30 5:16 p.m.0 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.01341EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEVadded 2026/04/30 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-50992

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS5.8AI score0.00156EPSS
In wildExploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/07 12:0 a.m.5 views

PT-2026-30819

Name of the Vulnerable Software and Affected Versions Weaver Fanwei E-cology versions 10.0 through 20260311 Description An unauthenticated remote code execution flaw exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the...

9.8CVSS6.8AI score0.00298EPSS
Exploits1References68
NVD
NVDadded 2026/01/05 10:15 p.m.1 views

CVE-2026-0625

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

9.3CVSS0.00407EPSS
Exploits0References4
CVE
CVEadded 2025/11/24 8:31 p.m.11 views

CVE-2023-7330

CVE-2023-7330 affects Ruijie NBR series routers. An unauthenticated arbitrary file upload vulnerability exists via /ddi/server/fileupload.php where attacker-controlled values in the name and uploadDir parameters are accepted and the multipart file content is saved without proper validation or san...

9.3CVSS7.8AI score0.00751EPSS
In wildExploits0References5
EUVD
EUVDadded 2025/11/11 12:30 a.m.2 views

EUVD-2018-21611

PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

8.7CVSS6.5AI score0.01161EPSS
Exploits0References4
NVD
NVDadded 2025/11/07 10:15 p.m.2 views

CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS0.00181EPSS
Exploits0References4
CVE
CVEadded 2025/11/07 9:52 p.m.24 views

CVE-2020-36870

CVE-2020-36870 affects Ruijie Gateway EG and Ruijie NBR series (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1 are vulnerable). Root cause is a code execution vulnerability in the EWEB management system that can be abused via front-end functionality; when features such as guest authentication...

9.2CVSS7.4AI score0.00181EPSS
In wildExploits0References4
Rows per page
Query Builder