Lucene search

8 matches found

OSV
added 2025/02/07 6:15 p.m. | 1 views

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

6.1 CVSS | 5.4 AI score
Exploits: 0 | References: 3
OSV
added 2024/11/04 7:15 p.m. | 1 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read SMTP account passwords via HTTP GET request...

6.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2
OSV
added 2023/10/10 5:15 p.m. | 0 views

CVE-2023-34987

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...

8.8 CVSS | 5.9 AI score | 0.017 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2022/09/09 7:15 a.m. | 1 views

CVE-2022-29061

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests...

7.2 CVSS | 7.2 AI score | 0.02948 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/04/14 12:0 a.m. | 2 views

MDaemon Technologies WorldClient Cross-Site Scripting Vulnerability

MDaemon Webmail is an application from MDaemon Inc. A cross-site scripting vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited to perform any action with the privileges of the attacked user via a GET request...

6.1 CVSS | 5.2 AI score | 0.00308 EPSS
Exploits: 1 | References: 3
OSV
added 2021/01/26 6:15 p.m. | 1 views

CVE-2020-36200

TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs...

6.5 CVSS | 6.6 AI score | 0.00267 EPSS
Exploits: 0 | References: 1
CNVD
added 2017/08/01 12:0 a.m. | 1 views

Oracle GlassFish Server Open Source Edition Path Traversal Vulnerability

Oracle GlassFish Server Open Source Edition is an open source server from Oracle (United States) used to build Java EE server-side Java applications. A directory traversal vulnerability exists in Oracle GlassFish Server Open Source Edition version 4.1. The...

7.5 CVSS | 7.4 AI score | 0.94123 EPSS
Exploits: 7 | References: 1
RedHat Linux
added 2013/04/15 5:45 p.m. | 2 views

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

5.8 CVSS | 7.4 AI score | 0.01785 EPSS
Exploits: 0 | References: 4