Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2126 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-32547

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01706EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-31938

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.01681EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2024-33609

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.0074EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-50650

Malicious code in bioql PyPI...

10CVSS9.2AI score0.01178EPSS
Exploits0References1
NVD
NVDadded 2025/09/26 9:15 a.m.5 views

CVE-2025-60156

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

9.6CVSS0.00159EPSS
Exploits0References1
CNNVD
CNNVDadded 2025/09/19 12:0 a.m.9 views

WordPress plugin Goza 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8AI score0.47809EPSS
Exploits3References4
Positive Technologies
Positive Technologiesadded 2025/09/19 12:0 a.m.8 views

PT-2025-38501

Name of the Vulnerable Software and Affected Versions Goza - Nonprofit Charity WordPress Theme versions prior to and including 3.2.2 Description The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the beplus import...

9.8CVSS8.2AI score0.47809EPSS
Exploits3References8
RedhatCVE
RedhatCVEadded 2025/09/14 11:22 a.m.13 views

CVE-2025-10267

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

6.9CVSS7.3AI score0.00385EPSS
Exploits0References1
NVD
NVDadded 2025/09/12 11:15 a.m.3 views

CVE-2025-10267

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

6.9CVSS0.00385EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/09/12 10:24 a.m.2 views

CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

6.9CVSS7AI score0.00385EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/12 10:24 a.m.5 views

CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

6.9CVSS0.00385EPSS
Exploits0References2
CVE
CVEadded 2025/09/12 10:24 a.m.11 views

CVE-2025-10267

CVE-2025-10267 affects the NUP Portal by NewType Infortech. The issue is missing authentication, allowing unauthenticated remote attackers to upload files. If file extension restrictions are bypassed, attackers could upload a webshell and execute it on the server side. Modeled across multiple fee...

6.9CVSS7AI score0.00385EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/09/12 12:0 a.m.3 views

PT-2025-37302

Name of the Vulnerable Software and Affected Versions: NUP Portal affected versions not specified Description: The NUP Portal application developed by NewType Infortech suffers from a missing authentication issue. This allows unauthenticated remote attackers to directly upload files to the system...

6.9CVSS6.8AI score0.00385EPSS
Exploits0References7
NVD
NVDadded 2025/09/08 11:15 p.m.5 views

CVE-2025-58745

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

9.9CVSS0.00705EPSS
Exploits1References1
OSV
OSVadded 2025/09/08 10:40 p.m.4 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

9.9CVSS7.9AI score0.00705EPSS
Exploits1References3
Cvelist
Cvelistadded 2025/09/08 10:40 p.m.7 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

9.9CVSS0.00705EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2025/09/08 12:0 a.m.5 views

PT-2025-36524

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11 Description: WeGIA is a Web manager for charitable institutions. An arbitrary file upload issue exists due to insufficient file type validation. The application only checks MIME types for Excel files at the...

9.9CVSS7.6AI score0.00705EPSS
Exploits1References6
GithubExploit
GithubExploitadded 2025/09/04 11:42 p.m.286 views

Exploit for CVE-2025-58440

CVE-2025-58440 Remote Code Execution RCE via Polyglot File A...

8.3AI score
Exploits1
Tenable Nessus
Tenable Nessusadded 2025/09/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-28838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow...

9.6CVSS7.9AI score0.00766EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2025/08/23 7:9 a.m.326 views

Exploit for Improper Handling of Parameters in Fortinet Fortiweb

🚨 FortiWeb Authentication Bypass → Remote Code Execution...

8.1CVSS9AI score0.1067EPSS
Exploits4
Rows per page
Query Builder