
9 matches found

RedhatCVE
added 2025/05/23 7:48 a.m. | 5 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

9.8 CVSS | 8.2 AI score | 0.00255 EPSS
Exploits: 1 | References: 1
OSV
added 2024/10/22 4:15 p.m. | 0 views

UBUNTU-CVE-2024-46240

Collabtive 3.1 is vulnerable to cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within the admin.php file...

4.8 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits: 1 | References: 3
CVE
added 2024/07/16 12:0 a.m. | 41 views

CVE-2024-40456

ThinkSAAS v3.7.0 contains an SQL injection vulnerability exploitable via the name parameter in /system/action/update.php. The root cause is described in connected sources as insufficient validation of external input in that endpoint. CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no pri...

9.8 CVSS | 8.5 AI score | 0.00255 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2021/08/31 2:15 p.m. | 12 views

CVE-2020-19047

Cross-Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attackers to execute arbitrary code via a malicious POST request to the component '/index.php?controller=system&action=admineditact'...

8.8 CVSS | 0.00259 EPSS
Exploits: 1 | References: 1
OSV
added 2021/06/15 8:15 p.m. | 1 views

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...

8.8 CVSS | 7.6 AI score
Exploits: 0 | References: 1
CNVD
added 2018/10/16 12:0 a.m. | 2 views

Artifex Ghostscript Security Bypass Vulnerability

Artifex Ghostscript is an open source Postscript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. A security bypass...

6.3 CVSS | 9.2 AI score | 0.00363 EPSS
Exploits: 0 | References: 1
OSV
added 2017/07/24 1:29 p.m. | 1 views

CVE-2017-11324

An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Microsoft Security Update
added 1970/01/01 12:0 a.m. | 10 views

Security Update for Windows XP x64 Edition (KB974571)

A security issue has been identified that could allow an attacker to misrepresent a system action or behavior without the knowledge of the user. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...

6.8 AI score
Exploits: 0
Microsoft Security Update
added 1970/01/01 12:0 a.m. | 13 views

Security Update for Windows Server 2003 (KB951746)

A security issue has been identified that could allow a remote attacker to misrepresent a system action or behavior unbeknownst to users on Microsoft Windows systems. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart...

4.4 AI score
Exploits: 0