Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Vulnrichment
Vulnrichmentadded 2025/10/20 7:56 p.m.2 views

CVE-2025-8048 External Control of File path vulnerability has been discovered on Openext Flipper.

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...

5.3CVSS6AI score0.00047EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/10/20 7:56 p.m.8 views

CVE-2025-8048 External Control of File path vulnerability has been discovered on Openext Flipper.

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...

5.3CVSS0.00047EPSS
Exploits0References1
Huntr
Huntradded 2022/12/20 11:32 a.m.68 views

Cross-site scripting - Stored via upload `.svg` file in

Description When user upload a file with .svg extension and direct access this file, the server response with Content-type: image/svg+xml lead to processing SVG as HTML file Proof of Concept POST /api/resource HTTP/2 Host: demo.usememos.com Cookie:...

4.9CVSS5.6AI score0.00336EPSS
Exploits1References2
Huntr
Huntradded 2022/05/04 2:20 p.m.13 views

Cross-site scripting - Stored via upload `.xsig` file

Description When user upload a file with .xsig extension and direct access this file, the server response with Content-type: text/html lead to processing XSIG as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5....

6.9AI score
Exploits0References1
OSV
OSVadded 2020/08/12 2:15 p.m.1 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

9CVSS7.4AI score
Exploits0References2
NVD
NVDadded 2020/08/12 2:15 p.m.11 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

9CVSS9AI score0.00892EPSS
Exploits0References2
Cvelist
Cvelistadded 2018/05/25 12:0 p.m.17 views

CVE-2018-1134

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...

6.9AI score0.00116EPSS
Exploits0References2
Rows per page
Query Builder