8 matches found
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2023-53868
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...
PT-2025-49172
Name of the Vulnerable Software and Affected Versions: SysReptor versions prior to 2025.102. Description: A Stored Cross-Site Scripting (XSS) issue exists in SysReptor, a customizable pentest reporting platform. Authenticated users can execute malicious JavaScript code within the context of other...
CVE-2025-10009
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja = 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files...
UBUNTU-CVE-2014-0468
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506...
fusionforge security vulnerability
FusionForge is a suite of collaborative team development tools. The product includes features such as online communication, bug tracking and project management. A security vulnerability exists in versions prior to fusionforge 5.3+20140506, which stems from an Apache configuration that allows...
CVE-2024-11184 WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts...
CVE-2017-11740
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system...