Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

821 matches found

EUVD
EUVDadded 2025/12/06 6:30 a.m.4 views

EUVD-2025-201538

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

5.3CVSS5.9AI score0.00199EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2025/12/06 5:32 a.m.3 views

CVE-2025-14117 fit2cloud Halo cross-site request forgery

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

5.3CVSS6.1AI score0.00199EPSS
Exploits1References5
Cvelist
Cvelistadded 2025/12/06 5:32 a.m.16 views

CVE-2025-14117 fit2cloud Halo cross-site request forgery

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

5.3CVSS0.00199EPSS
Exploits1References5
CVE
CVEadded 2025/12/06 5:32 a.m.6 views

CVE-2025-14117

CVE-2025-14117 affects fit2cloud Halo 2.21.10. The vulnerability is a cross-site request forgery in an unknown function, exploitable remotely with the exploit publicly disclosed. Multiple sources (NVD, Red Hat, EUVD, OSV, CVE List) confirm the same impact and remote vector. No version fixes are d...

6.5CVSS6.1AI score0.00199EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologiesadded 2025/12/06 12:0 a.m.3 views

PT-2025-49329

Name of the Vulnerable Software and Affected Versions fit2cloud Halo version 2.21.10 Description A cross-site request forgery issue exists in fit2cloud Halo version 2.21.10. The issue is related to an unknown function. The attack can be initiated remotely and the exploit has been publicly...

6.5CVSS4.4AI score0.00199EPSS
Exploits1References10
RedhatCVE
RedhatCVEadded 2025/12/01 3:19 p.m.5 views

CVE-2025-13790

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure...

8.8CVSS6.4AI score0.00221EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/12/01 8:2 a.m.11 views

CVE-2025-13815 moxi159753 Mogu Blog v2 pictures unrestricted upload

A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...

6.5CVSS0.00319EPSS
Exploits1References5
OSV
OSVadded 2025/11/30 3:15 p.m.4 views

CVE-2025-13790

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure...

8.8CVSS6.5AI score
Exploits0References5
Positive Technologies
Positive Technologiesadded 2025/11/30 12:0 a.m.8 views

PT-2025-48393

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure...

5.3CVSS6.5AI score0.00221EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2025/11/30 12:0 a.m.4 views

PT-2025-48398

Name of the Vulnerable Software and Affected Versions codingWithElias School Management System affected versions not specified Description A weakness exists in codingWithElias School Management System. The issue involves cross site scripting triggered by manipulating the First Name argument withi...

4.8CVSS3.1AI score0.00202EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 2025/11/26 4:56 p.m.4 views

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/25 1:33 a.m.12 views

CVE-2025-13576

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

8.8CVSS6.8AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/25 1:33 a.m.14 views

CVE-2025-13577

A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.4CVSS3.4AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/24 9:27 a.m.11 views

CVE-2025-13544

A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customerregister.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee...

9.8CVSS6.5AI score0.00324EPSS
Exploits1References1
EUVD
EUVDadded 2025/11/24 2:32 a.m.5 views

EUVD-2025-198599

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS6.5AI score0.00263EPSS
Exploits1References6
NVD
NVDadded 2025/11/24 1:15 a.m.9 views

CVE-2025-13576

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

8.8CVSS0.00245EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2025/11/24 1:2 a.m.11 views

CVE-2025-13576 code-projects Blog Site admin.php improper authorization

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

6.5CVSS6.4AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2025/11/24 12:0 a.m.3 views

PT-2025-47874

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS7.1AI score0.00263EPSS
Exploits1References6
OSV
OSVadded 2025/11/23 9:15 a.m.2 views

CVE-2025-13544

A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customerregister.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee...

9.8CVSS5.5AI score0.00324EPSS
Exploits1References4
NVD
NVDadded 2025/11/19 4:15 p.m.9 views

CVE-2025-13396

A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public a...

9.8CVSS0.00272EPSS
Exploits1References5
Rows per page
Query Builder