23 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-6489

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00168
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/23 9:39 a.m. | 4 views

CVE-2024-27561

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

CVSS 9.1 | AI score 7.2 | EPSS 0.00173
Exploits: 1 | References: 1
NVD
added 2024/04/17 7:15 p.m. | 8 views

CVE-2024-30950

A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVSS 3.5 | AI score 5.9 | EPSS 0.00133
Exploits: 1 | References: 1
NVD
added 2024/04/17 6:15 p.m. | 9 views

CVE-2024-30951

FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php...

CVSS 6.1 | AI score 6 | EPSS 0.0019
Exploits: 1 | References: 1
CVE
added 2024/04/17 12:00 a.m. | 45 views

CVE-2024-30950

CVE-2024-30950 affects FUDforum version 3.1.3. The vulnerability is described as a stored cross-site scripting (XSS) issue caused by a crafted payload injected into the SQL statements field under the API endpoint "/adm/admsql.php". Impact: attackers can execute arbitrary web scripts or HTML in th...

CVSS 3.5 | AI score 6.1 | EPSS 0.00133
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2024/04/17 12:00 a.m. | 51 views

CVE-2024-30951

CVE-2024-30951 affects FUDforum v3.1.3 with a reflected XSS via the chpos parameter in /adm/admsmiley.php. The issue is documented across multiple sources (NVD, Red Hat, OSV, CVE lists) as a reflected XSS in that endpoint. The provided connected documents clearly identify the affected product/ver...

CVSS 6.1 | AI score 6.1 | EPSS 0.0019
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/03/05 5:15 p.m. | 7 views

CVE-2024-27561

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

CVSS 9.1 | AI score 6.9 | EPSS 0.00173
Exploits: 1 | References: 1
Prion
added 2024/03/05 5:15 p.m. | 14 views

Server-side request forgery (SSRF)

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

AI score 7.6 | EPSS 0.00119
Exploits: 1 | References: 1
Vulnrichment
added 2024/03/05 12:00 a.m. | 10 views

CVE-2024-27563

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

AI score 7.3 | EPSS 0.00119
Exploits: 1 | References: 1
Cvelist
added 2024/03/05 12:00 a.m. | 9 views

CVE-2024-27563

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

AI score 7.2 | EPSS 0.00119
Exploits: 1 | References: 1
Cvelist
added 2024/03/05 12:00 a.m. | 11 views

CVE-2024-27561

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

AI score 7.2 | EPSS 0.00173
Exploits: 1 | References: 1
CVE
added 2024/03/05 12:00 a.m. | 53 views

CVE-2024-27561

WonderCMS (version 3.1.3) is affected by a Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function. The vulnerability allows an attacker to coerce the application into making arbitrary outbound requests by injecting crafted URLs into the installThemePlugin parameter. Pub...

CVSS 9.1 | AI score 7.2 | EPSS 0.00173
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/02/08 8:15 p.m. | 13 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

CVSS 9.8 | AI score 9.8 | EPSS 0.38195
Exploits: 3 | References: 3
OSV
added 2023/07/25 6:04 p.m. | 25 views

GHSA-4QCV-QF38-5J3J Unintentional leakage of private information via cross-origin websocket session hijacking

Impact: Private messages or posts might be leaked to third parties if victim opens the attacker's site while browsing nodebb. Patches: Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds: Users can cherry-pick...

CVSS 4.7 | AI score 4.6 | EPSS 0.00169
Exploits: 0 | References: 7
Github Security Blog
added 2023/07/25 6:04 p.m. | 22 views

Unintentional leakage of private information via cross-origin websocket session hijacking

Impact: Private messages or posts might be leaked to third parties if victim opens the attacker's site while browsing nodebb. Patches: Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds: Users can cherry-pick...

CVSS 4.7 | AI score 6.8 | EPSS 0.00169
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2023/04/07 9:15 p.m. | 7 views

CVE-2023-27033

Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent...

CVSS 9.8 | AI score 9.7 | EPSS 0.00411
Exploits: 1 | References: 2
OSV
added 2022/02/16 8:15 p.m. | 9 views

CVE-2021-3242

DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=...

CVSS 9.8 | AI score 8.2
Exploits: 0 | References: 2
Prion
added 2022/02/16 8:15 p.m. | 10 views

SQL injection

DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=...

CVSS 7.5 | AI score 9.7 | EPSS 0.00245
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2022/02/16 7:29 p.m. | 79 views

CVE-2021-3242

CVE-2021-3242 affects DuxCMS v3.1.3. A SQL injection vulnerability exists via the component s/tools/SendTpl/index?keyword=, allowing manipulation of the database through that parameter. The connected Red Hat, OSV, NVD and CVE data confirm the same vector without detailing exploit specifics or ava...

CVSS 9.8 | AI score 9.8 | EPSS 0.00245
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/02/16 7:29 p.m. | 10 views

CVE-2021-3242

DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=...

AI score 10 | EPSS 0.00245
Exploits: 1 | References: 2