Lucene search
+L

1335 matches found

Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.7 views

PT-2026-7607

Name of the Vulnerable Software and Affected Versions InoERP version 0.7.2 Description InoERP version 0.7.2 has a persistent cross-site scripting issue in the comment section. Unauthenticated attackers can inject malicious scripts, such as JavaScript payloads, through comments. These scripts...

6.4CVSS5.8AI score0.00225EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2026/02/05 1:59 p.m.199 views

SSRF-to-RCE-Scanner

SSRF-to-RCE-Scanner IT is advanced Python-based security tool...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.10 views

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

8.8CVSS8.3AI score0.00786EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:53 a.m.7 views

CVE-2009-4039

Cross-site scripting XSS vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:6 a.m.8 views

CVE-2016-2356

Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password...

9.8CVSS7.7AI score0.03206EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.10 views

CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...

6.1CVSS6AI score0.00478EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.10 views

CVE-2022-31210

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/setparam.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts...

9.8CVSS6.9AI score0.0107EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.13 views

CVE-2022-26158

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...

6.1CVSS7.3AI score0.00713EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.6 views

CVE-2020-12765

Solis Miolo 2.0 allows index.php?module=install=view= Directory Traversal...

5.3CVSS7AI score0.01299EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/02 7:40 a.m.183 views

OreaHax-Framework

OreaHax-Framework ╔════════════════════════════════════...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2025/12/29 9:20 p.m.171 views

SQL-Injection-IDPS

Payloads All The Things A list of useful payloads and bypass...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/12/18 9:31 p.m.4 views

EUVD-2025-204361

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks...

6.9CVSS6.7AI score0.00181EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/17 11:56 a.m.161 views

task-3-security-testing

Security Testing for Web Applications Task 3: CODTECH Inte...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/27 1:4 p.m.11 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

7.5CVSS7.1AI score0.00578EPSS
Exploits1References1
Imperva Blog
Imperva Blog
added 2025/11/26 9:25 a.m.8 views

Paris, The Thinker, and why your WAF should block XSS by default

With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived for The Gates of Hell in 1880 and first cast monumentally i...

6.3AI score
Exploits0
Redos
Redos
added 2025/11/25 12:0 a.m.10 views

ROS-20251125-12

Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...

9.1CVSS7.1AI score0.19396EPSS
Exploits10
Qualys Blog
Qualys Blog
added 2025/10/30 12:35 p.m.11 views

What Security Teams Need to Know as PHP and IoT Exploits Surge

Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit TRU has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud...

10CVSS10AI score0.99999EPSS
Exploits111
GithubExploit
GithubExploit
added 2025/10/28 5:49 p.m.277 views

Exploit for CVE-2025-55752

🚨🚨 CVE-2025-55752 — Apache Tomcat: Directory-protection bypass v...

7.5CVSS8.4AI score0.66535EPSS
Exploits4
GithubExploit
GithubExploit
added 2025/10/25 6:1 p.m.129 views

cybersec-ids

cybersec-ids Full-stack AI-driven Web App Intrusion Detection...

7.2AI score
Exploits0
GithubExploit
GithubExploit
added 2025/10/25 3:34 p.m.160 views

Exploit for CVE-2025-63307

CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...

8.1CVSS5.4AI score0.00361EPSS
Exploits2
Rows per page
Query Builder