
2118 matches found

Positive Technologies
added 2025/12/22 12:0 a.m. | 5 views

PT-2025-52722

Name of the Vulnerable Software and Affected Versions: PluXml CMS version 5.8.22. Description: An authenticated attacker with administrator panel access can execute arbitrary code remotely. This is achieved by injecting a malicious PHP webshell into a theme file, such as home.php. The attack require...

CVSS 6.5 | AI score 7.3 | EPSS 0.00179
Exploits: 3 | References: 6
Vulnrichment
added 2025/12/22 12:0 a.m. | 6 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file, e.g., home.php...

AI score 7 | EPSS 0.00179
Exploits: 2 | References: 2
CNNVD
added 2025/12/22 12:0 a.m. | 5 views

PluXml security vulnerability

PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version 5.8.22, which originates from an attacker with administrator panel access who can inject a malicious PHP webshell into theme...

CVSS 6.5 | AI score 7.6 | EPSS 0.00179
Exploits: 2 | References: 3
Veracode
added 2025/12/13 4:43 a.m. | 4 views

Remote Code Execution

Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...

CVSS 9.8 | AI score 7.4 | EPSS 0.06397
Exploits: 1 | References: 2 | Affected Software: 1
GithubExploit
added 2025/12/11 8:15 p.m. | 144 views

Exploit for CVE-2020-1938

Ghostcat Scanner - CVE-2020-1938 A powerful Python exploit to...

CVSS 9.8 | AI score 7 | EPSS 0.94469
Exploits: 44
CNNVD
added 2025/12/11 12:0 a.m. | 1 views

Compuware iStrobe Web code issue vulnerability

Compuware iStrobe Web is a mainframe performance analysis and optimization tool from Compuware Corporation. A code issue vulnerability exists in Compuware iStrobe Web version 20.13, which arises from a path traversal in the file upload form that could result in the upload of a JSP webshell and th...

CVSS 9.2 | AI score 7.3 | EPSS 0.01811
Exploits: 0 | References: 4
EUVD
added 2025/12/10 6:30 p.m. | 3 views

EUVD-2025-202447

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVSS 10 | AI score 7.7 | EPSS 0.01271
Exploits: 1 | References: 5
GithubExploit
added 2025/12/10 6:10 p.m. | 121 views

Exploit for CVE-2025-57460

CVE-2025-57460 Des: File upload vuln...

AI score 7.4 | EPSS 0.00033
Exploits: 1
OSV
added 2025/12/10 4:16 p.m. | 3 views

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVSS 9.8 | AI score 6.5
Exploits: 0 | References: 4
CVE
added 2025/12/10 3:44 p.m. | 16 views

CVE-2025-34392

Barracuda Service Center (as implemented in Barracuda RMM) prior to version 2025.1.1 contains an insufficient WSDL URL validation in attacker-controlled WSDLs, enabling arbitrary file write and remote code execution via webshell uploads. Affected products include Barracuda RMM’s Service Center in...

CVSS 10 | AI score 7.9 | EPSS 0.01271
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/12/10 8:36 a.m. | 2 views

CVE-2025-41694

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | AI score 7 | EPSS 0.00146
Exploits: 0 | References: 1
EUVD
added 2025/12/09 6:30 p.m. | 1 views

EUVD-2025-201891

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | AI score 6.5 | EPSS 0.00146
Exploits: 0 | References: 2
OSV
added 2025/12/09 4:17 p.m. | 0 views

CVE-2025-41694

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 1
NVD
added 2025/12/09 4:17 p.m. | 10 views

CVE-2025-41694

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | EPSS 0.00146
Exploits: 0 | References: 1
CVE
added 2025/12/09 8:12 a.m. | 11 views

CVE-2025-41694

PHOENIX CONTACT FL SWITCH (industrial Ethernet switch) is affected by CVE-2025-41694. A low-privileged remote attacker can trigger a webshell with an empty command containing whitespace, causing the server to block and leading to a DoS condition on the webserver. CNNVD/ENISA-ENISA-like entries s...

CVSS 6.5 | AI score 6.7 | EPSS 0.00146
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/09 8:12 a.m. | 16 views

CVE-2025-41694 Authenticated Denial-of-Service via Webshell

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | EPSS 0.00146
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/09 8:12 a.m. | 1 views

CVE-2025-41694 Authenticated Denial-of-Service via Webshell

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | AI score 6.7 | EPSS 0.00146
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:0 a.m. | 1 views

PT-2025-49813

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5 | AI score 7 | EPSS 0.00146
Exploits: 0 | References: 1
CNNVD
added 2025/12/09 12:0 a.m. | 3 views

PHOENIX CONTACT FL SWITCH security vulnerability

PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT FL SWITCH versions prior to 3.50, which stems from improper handling of null commands by the webshell and could lead to a denial of service attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00146
Exploits: 0 | References: 1
GithubExploit
added 2025/12/08 9:55 p.m. | 130 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182: Exploitation Artifacts An export of a small s...

CVSS 10 | AI score 6.9 | EPSS 0.83197
Exploits: 378