8 matches found

NVD
added 2025/12/24 8:15 p.m., 3 views

CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...

CVSS 7.1, EPSS 0.00362
Exploits: 1, References: 3

CNNVD
added 2025/12/01 12:00 a.m., 3 views

FeehiCMS Security Vulnerability

FeehiCMS is a PHP-based CMS website builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.1.1, which originates from an unvalidated id parameter in the User Update function, which could lead to a cross-site scripting attack...

CVSS 6.1, AI score 5.8, EPSS 0.00034
Exploits: 1, References: 3

CNVD
added 2025/08/10 12:00 a.m., 1 view

Online Admission System SQL Injection Vulnerability

Online Admission System is an online admission system. The Online Admission System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /adminac.php. An attacker can exploit this vulnerability to...

CVSS 9.8, AI score 8.2, EPSS 0.00232
Exploits: 1, References: 1

CNNVD
added 2025/05/27 12:00 a.m., 1 view

auth-js Path Traversal Vulnerability

auth-js is a Supabase Auth isomorphic JavaScript library open-sourced by Supabase. A path traversal vulnerability exists in versions of auth-js prior to 2.69.1, which stems from an unvalidated user-supplied UUID and could lead to URL path traversal...

CVSS 6.9, AI score 6.4, EPSS 0.002
Exploits: 0, References: 3

CNNVD
added 2025/03/20 12:00 a.m., 1 view

LibreChat Access Control Error Vulnerability

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. An access control error vulnerability exists in LibreChat version v0.7.5-rc2, which stems from the Delete Attachment feature not validating the attachment ID, which could lead to a user deleting another person's attachment...

CVSS 7.6, AI score 7.5, EPSS 0.00076
Exploits: 1, References: 2

CNNVD
added 2022/05/12 12:00 a.m., 1 view

Online Sports Complex Booking System SQL Injection Vulnerability

Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. Version 1.0 of Online Sports Complex Booking System is vulnerable to SQL injection, which originates in scbs/classes/Master.php?f=delete, the id parameter of the post request lacks...

CVSS 9.8, AI score 8.7, EPSS 0.00264
Exploits: 1, References: 2

OSV
added 2022/03/14 3:15 p.m., 1 view

CVE-2022-0165

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...

CVSS 6.1, AI score 5.8, EPSS 0.49041
Exploits: 4, References: 1

CNNVD
added 2021/01/05 12:00 a.m., 2 views

Ipeak Ibexwebcms SQL Injection Vulnerability

Ipeak Ibexwebcms is a website builder for booking housing from Ipeak Norway. A SQL injection vulnerability exists in ipeak Infosystems ibexwebCMS IPeakCMS 3.5, which originates from an unvalidated id parameter on the /cms/print.php page...

CVSS 9.8, AI score 7.4, EPSS 0.79327
Exploits: 3, References: 8