Lucene search

97 matches found

NVD
added 2026/05/28 9:16 p.m. | 10 views

CVE-2026-42071

Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

CVSS 7.2 | EPSS 0.00046
Exploits 0 | References 5
UbuntuCve
added 2026/05/10 5:16 a.m. | 4 views

CVE-2026-7261

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case a SOAP request results in an error, the persistanc...

CVSS 9.8 | AI score 5.8 | EPSS 0.00105
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-4084

Malware in sbrugna...

CVSS 7.8 | AI score 6.3 | EPSS 0.07061
Exploits 2 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-31588

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.01461
Exploits 0 | References 1
NVD
added 2025/09/26 9:15 a.m. | 4 views

CVE-2025-1862

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By...

CVSS 7.2 | EPSS 0.00571
Exploits 0 | References 1
Cvelist
added 2025/09/26 8:18 a.m. | 5 views

CVE-2025-1862 Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By...

CVSS 6.7 | EPSS 0.00571
Exploits 0 | References 1
Vulnrichment
added 2025/09/26 8:18 a.m. | 8 views

CVE-2025-1862 Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By...

CVSS 6.7 | AI score 8 | EPSS 0.00571
Exploits 0 | References 1
RedhatCVE
added 2025/09/03 12:13 a.m. | 5 views

CVE-2025-9752

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8 | AI score 7.2 | EPSS 0.01294
Exploits 1 | References 1
NVD
added 2025/09/01 1:15 a.m. | 2 views

CVE-2025-9752

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8 | EPSS 0.01294
Exploits 1 | References 5
OSV
added 2025/09/01 1:15 a.m. | 1 views

CVE-2025-9752

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8 | AI score 5.6 | EPSS 0.01294
Exploits 1 | References 5
Cvelist
added 2025/09/01 12:2 a.m. | 7 views

CVE-2025-9752 D-Link DIR-852 SOAP Service soap.cgi soapcgi_main os command injection

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...

CVSS 7.5 | EPSS 0.01294
Exploits 1 | References 5
CVE
added 2025/06/24 4:37 a.m. | 19 views

CVE-2025-48890

The CVE-2025-48890 issue is an OS command injection in the miniigd SOAP service of Elecom WRH-733GBK and WRH-733GWH. A remote unauthenticated attacker can craft a request to execute arbitrary OS commands on affected devices. Public sources (NVD, Red Hat, JVN, JVNDB) confirm the vulnerability, its...

CVSS 9.8 | AI score 7.4 | EPSS 0.00973
Exploits 0 | References 2
Packet Storm
added 2024/09/01 12:0 a.m. | 145 views

SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/01 12:0 a.m. | 143 views

SAP SOAP Service RFC_PING Login Brute Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/01 12:0 a.m. | 136 views

SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

AI score 7.4
Exploits 0
NVD
added 2024/04/29 7:15 a.m. | 9 views

CVE-2024-3196

A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation...

CVSS 6.7 | AI score 7 | EPSS 0.00375
Exploits 1 | References 5
OSV
added 2024/04/29 7:15 a.m. | 2 views

CVE-2024-3196

A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation...

CVSS 6.7 | AI score 5.3 | EPSS 0.00375
Exploits 1 | References 5
CVE
added 2024/04/29 6:22 a.m. | 84 views

CVE-2024-3196

CVE-2024-3196 affects MailCleaner up to version 2023.03.14, impacting the SOAP Service’s dumpConfiguration path (getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat). The underlying issue is an OS command injection in the SOAP Service, with local...

CVSS 6.7 | AI score 7.4 | EPSS 0.00375
Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2024/04/29 6:22 a.m. | 17 views

CVE-2024-3196 MailCleaner SOAP Service dumpConfiguration os command injection

A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation...

CVSS 6.7 | AI score 7.4 | EPSS 0.00375
Exploits 1 | References 5
Cvelist
added 2024/04/29 6:22 a.m. | 29 views

CVE-2024-3196 MailCleaner SOAP Service dumpConfiguration os command injection

A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation...

CVSS 6.7 | AI score 7.3 | EPSS 0.00375
Exploits 1 | References 5