Lucene search
K

1927 matches found

CVE
CVE
added 2026/01/27 3:23 p.m.9 views

CVE-2021-47900

Gila CMS

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/27 3:23 p.m.21 views

CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS0.00602EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/27 3:23 p.m.4 views

CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.7 views

PT-2026-4931

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell exec to run system commands by sending...

9.8CVSS6.7AI score0.00602EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.7 views

CVE-2021-31794

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...

6.1CVSS5.8AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:13 a.m.5 views

CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...

6.1CVSS6AI score0.0102EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.7 views

CVE-2020-12645

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption...

9.8CVSS6.9AI score0.01075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.5 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

6.1CVSS6.5AI score0.0299EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.16 views

CVE-2019-12198

In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header...

7.5CVSS7.1AI score0.01266EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/04 8:21 a.m.172 views

LFI-DVWA-Lab-

LFI Exploitation – DVWA Lab 📌 Overview This project demons...

7.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/24 7:36 p.m.6 views

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS6.3AI score0.00249EPSS
Exploits1References1
NVD
NVD
added 2025/12/23 8:15 p.m.5 views

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS0.00249EPSS
Exploits1References4
OSV
OSV
added 2025/12/23 8:15 p.m.4 views

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS5.8AI score0.00249EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/23 7:34 p.m.28 views

CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS0.00249EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.6 views

CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS5.9AI score0.00249EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.6 views

PT-2025-52838

Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.7 Description The software contains a persistent cross-site scripting issue that permits unauthorized users to inject malicious JavaScript into private messages. An attacker can send messages containing script payloads with...

6.4CVSS6AI score0.00249EPSS
Exploits1References6
NVD
NVD
added 2025/12/19 12:15 a.m.5 views

CVE-2025-14897

A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is...

7.2CVSS0.00306EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/18 11:32 p.m.4 views

CVE-2025-14897 CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php sql injection

A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is...

5.8CVSS6.8AI score0.00306EPSS
Exploits1References5
Veracode
Veracode
added 2025/12/13 7:56 a.m.10 views

Arbitrary Code Injection

Ray is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of the User-Agent header combined with lack of protection against DNS rebinding attacks, which allows an attacker to execute arbitrary code on a developer’s system via a malicious website or...

9.4CVSS7.1AI score0.00338EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/01 6:13 a.m.11 views

CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS6.4AI score0.00338EPSS
Exploits0References5
Rows per page
Query Builder