
8 matches found

Tenable Nessus
added 2026/03/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF expo...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00103
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/17 9:29 p.m., 1 views

CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

CVSS: 9.1 | AI score: 7.8 | EPSS: 0.21073
Exploits: 3 | References: 1

RedhatCVE
added 2025/12/17 5:1 p.m., 2 views

CVE-2025-68116

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...

CVSS: 8.9 | AI score: 5.4 | EPSS: 0.00034
Exploits: 1 | References: 1

NVD
added 2025/12/12 4:15 a.m., 5 views

CVE-2025-14045

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS: 4.3 | EPSS: 0.00026
Exploits: 0 | References: 4

Snyk
added 2025/05/21 7:52 p.m., 1 views

Deserialization of Untrusted Data

Overview: sjbr/sr-feuser-register is a self-registration variant of Kasper Skårhøj's Front End User Admin extension for TYPO3 CMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via an unsafe uploaded file without proper validation. An attacker can execute...

CVSS: 10 | AI score: 7.8 | EPSS: 0.02182
Exploits: 0 | References: 2

OSV
added 2024/03/18 7:15 p.m., 0 views

CVE-2023-7085

The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS: 5.4 | AI score: 7.3
Exploits: 0 | References: 1

Gitee
added 2021/07/15 10:12 p.m., 2 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including Burt Force (brute-force vulnerability), XSS (cross-site scripting vulnerability), CSRF (cross-site request forgery), SQL-Inject (SQL injection vulnerability), RCE (remote command/code execution), Files Inclusion...

AI score: 6.1
Exploits: 0

Gitee
added 2020/03/17 1:50 p.m., 2 views

pikachu

This is an offensive tool for Web application security testing. It is a web application that contains various web security vulnerabilities, including Burt Force (brute-force), XSS (cross-site scripting), CSRF (cross-site request forgery), SQL-Inject (SQL injection), RCE (remote code execution), Files...

AI score: 6.9
Exploits: 0