Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

39 matches found

RedhatCVE
RedhatCVEadded 2025/10/17 12:43 a.m.4 views

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

6.5CVSS8.1AI score0.0018EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/16 6:30 p.m.2 views

EUVD-2025-34800

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

6.5CVSS7.5AI score0.0018EPSS
Exploits0References3
NVD
NVDadded 2025/10/16 6:15 p.m.2 views

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

6.5CVSS0.0018EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/10/16 12:0 a.m.2 views

Vfront 安全漏洞

Vfront is a database management front-end tool by Marcello Verona Personal Developer. A security vulnerability exists in Vfront version 0.99.52, which stems from a failure to validate or use the allowedclasses option when performing deserialization operations on user-controlled input, which could...

6.5CVSS7.9AI score0.0018EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/10/16 12:0 a.m.1 views

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

7.7AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/16 12:0 a.m.6 views

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

0.0018EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2021-25779

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2019-19197

Malware in sbrugna...

6.1CVSS6.3AI score0.00234EPSS
Exploits2References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2019-19198

Malware in sbrugna...

6.1CVSS6.3AI score0.00233EPSS
Exploits2References4
RedhatCVE
RedhatCVEadded 2025/05/22 6:43 p.m.3 views

CVE-2021-39420

Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...

6.1CVSS6.3AI score0.0024EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:58 a.m.6 views

CVE-2019-9839

VFront 0.99.5 has Reflected XSS via the admin/menuregistri.php descrizioneg parameter or the admin/syncregtab.php azzera parameter...

6.1CVSS5.9AI score0.00233EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:58 a.m.8 views

CVE-2019-9838

VFront 0.99.5 has stored XSS via the admin/syncregtab.php azzera parameter, which is mishandled during admin/errorlog.php rendering...

6.1CVSS5.7AI score0.00234EPSS
Exploits2References1
CNVD
CNVDadded 2021/11/09 12:0 a.m.15 views

vfront cross-site scripting vulnerability

vfront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and Javascript. vfront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in...

6.1CVSS2.9AI score0.0024EPSS
Exploits1References1
OSV
OSVadded 2021/11/08 7:15 p.m.1 views

CVE-2021-39420

Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...

6.1CVSS6.4AI score
Exploits0References1
NVD
NVDadded 2021/11/08 7:15 p.m.7 views

CVE-2021-39420

Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...

6.1CVSS0.0024EPSS
Exploits1References1
Prion
Prionadded 2021/11/08 7:15 p.m.7 views

Cross site scripting

Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...

4.3CVSS6.2AI score0.0024EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2021/11/08 6:7 p.m.9 views

CVE-2021-39420

Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...

6.3AI score0.0024EPSS
Exploits1References1
CVE
CVEadded 2021/11/08 6:7 p.m.42 views

CVE-2021-39420

CVE-2021-39420 affects VFront 0.99.5 and is a cross-site scripting (XSS) vulnerability exposed via two input vectors: the s parameter in search_all.php and the msg parameter in add.attach.php. The public descriptions indicate XSS; no exploitation details or patch/version remediation are provided ...

6.1CVSS6.2AI score0.0024EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2021/11/08 12:0 a.m.3 views

VFront 跨站脚本漏洞

vfront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and Javascript. vfront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in...

6.1CVSS5.3AI score0.0024EPSS
Exploits1References2
NVD
NVDadded 2019/06/03 9:29 p.m.10 views

CVE-2019-9839

VFront 0.99.5 has Reflected XSS via the admin/menuregistri.php descrizioneg parameter or the admin/syncregtab.php azzera parameter...

6.1CVSS6.1AI score0.00233EPSS
Exploits2References2
Rows per page
Query Builder