9 matches found

Cvelist
added 2026/02/18 8:59 p.m., 22 views

CVE-2019-25399 IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute...

CVSS 6.4, EPSS 0.00058
Exploits: 1, References: 4

RedhatCVE
added 2025/05/22 6:39 p.m., 6 views

CVE-2021-36706

In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD, contains a trivial command injection where the value of the command parameter is passed directly to system...

CVSS 9.8, AI score 7.4, EPSS 0.13082
Exploits: 1, References: 1

Positive Technologies
added 2024/04/03 12:0 a.m., 2 views

PT-2024-2666

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320L (affected versions not specified); D-Link DNS-325 (affected versions not specified); D-Link DNS-327L (affected versions not specified); D-Link DNS-340L (affected versions not specified). Description: A critical issue exists in the HTTP GET...

CVSS 9.8, AI score 7.6, EPSS 0.94425
Exploits: 8, References: 109

OSV
added 2023/03/14 6:15 a.m., 0 views

CVE-2023-27894

SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...

CVSS 5.3, AI score 6.3
Exploits: 0, References: 2

OSV
added 2022/10/13 1:15 p.m., 18 views

CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 2

NVD
added 2021/08/31 3:15 a.m., 9 views

CVE-2021-27556

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...

CVSS 9, EPSS 0.0713
Exploits: 1, References: 1

Cvelist
added 2021/08/31 2:38 a.m., 12 views

CVE-2021-27556

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...

AI score 7.6, EPSS 0.0713
Exploits: 1, References: 1

Cvelist
added 2020/11/24 3:29 p.m., 14 views

CVE-2020-4002

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system...

AI score 7.2, EPSS 0.00566
Exploits: 0, References: 1

Cvelist
added 2011/11/04 9:0 p.m., 16 views

CVE-2011-3330

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and...

AI score 7.7, EPSS 0.01465
Exploits: 0, References: 6