90 matches found

Cvelist
added 2025/12/23 12:0 a.m. | 22 views

CVE-2025-65865

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input...

EPSS: 0.00181
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-16644

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02148
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-52922

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00198
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 3:48 p.m. | 3 views

CVE-2020-23907

An issue was discovered in retdec v3.3. In function canSplitFunctionOn of irmodifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02148
Exploits: 1
NVD
added 2024/03/01 11:15 p.m. | 8 views

CVE-2024-25436

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00212
Exploits: 1 | References: 2
NVD
added 2024/03/01 11:15 p.m. | 13 views

CVE-2024-25438

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00212
Exploits: 1 | References: 2
NVD
added 2024/03/01 11:15 p.m. | 6 views

CVE-2024-25434

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00156
Exploits: 1 | References: 2
Prion
added 2024/03/01 11:15 p.m. | 8 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

AI score: 6.1 | EPSS: 0.00156
Exploits: 1 | References: 2
Prion
added 2024/03/01 11:15 p.m. | 10 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score: 6.1 | EPSS: 0.00212
Exploits: 1 | References: 2
Prion
added 2024/03/01 11:15 p.m. | 9 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score: 6.1 | EPSS: 0.00212
Exploits: 2 | References: 2
Cvelist
added 2024/03/01 12:0 a.m. | 14 views

CVE-2024-25436

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score: 5.7 | EPSS: 0.00212
Exploits: 1 | References: 2
Cvelist
added 2024/03/01 12:0 a.m. | 15 views

CVE-2024-25438

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score: 5.7 | EPSS: 0.00212
Exploits: 1 | References: 2
Vulnrichment
added 2024/03/01 12:0 a.m. | 12 views

CVE-2024-25436

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score: 5.8 | EPSS: 0.00212
Exploits: 1 | References: 2
Cvelist
added 2024/03/01 12:0 a.m. | 10 views

CVE-2024-25434

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

AI score: 5.7 | EPSS: 0.00156
Exploits: 1 | References: 2
CVE
added 2024/03/01 12:0 a.m. | 62 views

CVE-2024-25434

CVE-2024-25434 affects Pkp Ojs v3.3, with a stored/reflected XSS vulnerability in the Publicname parameter. The available sources describe that arbitrary web scripts/HTML can be executed via crafted input, but do not provide a confirmed exploit method or patch details. CVSS 3.1 base score is 5.4 ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00156
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2024/02/07 12:15 a.m. | 12 views

Sql injection

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00127
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2024/02/06 12:0 a.m. | 139 views

CVE-2024-24002

jshERP v3.3 is affected by an SQL injection in the MaterialController.getListWithStock() function. The vulnerability stems from inadequate filtering of the column and order parameters, allowing crafted input to bypass the safeSqlParse protection. No exploitation details are provided in the availa...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.00127
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2024/02/06 12:0 a.m. | 160 views

CVE-2024-24004

CVE-2024-24004 affects jshERP v3.3. The vulnerability arises in com.jsh.erp.controller.DepotHeadController.findInOutDetail() where safeSqlParse does not properly filter the column and order parameters, enabling SQL injection by crafting a malicious payload. Impact is described as high/critical (C...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.00118
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2024/02/06 12:0 a.m. | 54 views

CVE-2024-24001

CVE-2024-24001 affects jshERP v3.3 and is a SQL Injection in the internal API path com.jsh.erp.controller.DepotHeadController.findallocationDetail() via com.jsh.erp.utils.BaseResponseInfo. The vulnerability allows an attacker to craft a malicious payload to bypass protection mechanisms. Impact in...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.00059
Exploits: 1 | References: 2 | Affected Software: 1
GithubExploit
added 2024/01/12 8:40 a.m. | 30 views

There are 4 sql injection vulnerabilities and 1 file upload vulnerability in jshERP v3.3

public static String safeSqlParseString originStr re...

AI score: 7.5
Exploits: 0