
10 matches found

OSV (added 2025/11/27 6:30 p.m.)

GHSA-5P82-2Q3R-WJ3M ThingsBoard allows an authenticated user to upload malicious SVG images

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 6.2 | AI score 5.7 | EPSS 0.00033 | Exploits 0 | References 4
NVD (added 2025/11/27 6:15 p.m.)

CVE-2025-3261

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EPSS 0.00033 | Exploits 0
CVE (added 2025/11/27 6:11 p.m.)

CVE-2025-3261

The CVE-2025-3261 entry is rejected/not used, as stated; it does not represent an active vulnerability.

AI score 5.4 | EPSS 0.00033 | Exploits 0
Vulnrichment (added 2025/11/27 6:11 p.m.)

CVE-2025-3261

...

AI score 6.2 | EPSS 0.00033 | Exploits 0
Positive Technologies (added 2025/11/27 12:00 a.m.)

PT-2025-48282

Name of the Vulnerable Software and Affected Versions: ThingsBoard versions prior to 4.2.1. Description: An authenticated user can upload malicious SVG images through the "Image Gallery". This leads to a Stored Cross-Site Scripting (XSS) issue. The exploit is triggered when any user accesses the publi...

CVSS 6.2 | AI score 5.4 | EPSS 0.00033 | Exploits 0 | References 6
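The two ThingsBoard entries above (OSV GHSA-5P82-2Q3R-WJ3M and PT-2025-48282) describe the same failure mode: an image-gallery upload endpoint accepts SVG, and SVG is an XML document that can carry script, event-handler attributes and javascript: links, which execute when a browser navigates to the stored file directly. The following is an added example of the kind of pre-storage check an upload handler needs; it is not ThingsBoard's code, does not reproduce the advisory's payload, and its deny-list policy, size cap and sample documents are constructed for illustration.

```python
"""Reject SVG uploads that carry active content.

Added example for the ThingsBoard Image Gallery stored-XSS entries; it is not
ThingsBoard's code and does not reproduce the advisory's payload. The
deny-list policy and the sample documents below are constructed for
illustration.
"""
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed a foreign document.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
# URI schemes a browser executes or treats as a document when the SVG is
# opened directly (as happens when a user navigates to the public endpoint).
ACTIVE_SCHEME = re.compile(r"^(javascript|vbscript|data):", re.IGNORECASE)
MAX_SVG_BYTES = 512 * 1024  # size cap chosen for this example


def _local_name(qualified):
    """'{http://www.w3.org/2000/svg}svg' -> 'svg'; 'onload' -> 'onload'."""
    return qualified.rsplit("}", 1)[-1].lower()


def find_active_content(svg_bytes):
    """Return a list of reasons to reject the document; [] means no finding."""
    findings = []
    try:
        # ElementTree does not fetch external entities, but it does expand
        # internal ones; production code should parse with defusedxml.
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return ["unparseable XML: %s" % exc]

    if _local_name(root.tag) != "svg":
        findings.append("root element is <%s>, not <svg>" % _local_name(root.tag))

    for element in root.iter():
        name = _local_name(element.tag)
        if name in FORBIDDEN_ELEMENTS:
            findings.append("forbidden element <%s>" % name)
        for attr, value in element.attrib.items():
            attr_name = _local_name(attr)
            if attr_name.startswith("on"):
                findings.append("event handler %s= on <%s>" % (attr_name, name))
                continue
            if attr_name in ("href", "src"):
                # Browsers strip ASCII control characters and whitespace from
                # URLs before scheme detection, so strip them here as well.
                normalized = re.sub(r"[\x00-\x20]", "", value)
                if ACTIVE_SCHEME.match(normalized):
                    findings.append("active URI scheme in %s= on <%s>" % (attr_name, name))
    return findings


def is_safe_svg(svg_bytes):
    """Policy decision for an upload handler: size cap, then content check."""
    if len(svg_bytes) > MAX_SVG_BYTES:
        return False
    return find_active_content(svg_bytes) == []


# Constructed sample documents (not taken from the advisory). The tab
# character reference in the href shows why the scheme check normalizes.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="java&#9;script:alert(1)"><text y="20">click</text></a>
</svg>"""

BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <circle cx="50" cy="50" r="40" fill="#3366cc"/>
  <text x="10" y="90">ok</text>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, "->", find_active_content(doc) or "no findings")
```

Two caveats for anyone reusing this. First, a deny-list over parsed elements is a pre-storage filter, not a full sanitizer; a real deployment should also serve user-supplied images with `Content-Disposition: attachment` or from a separate, cookie-less origin, because the advisory's trigger is exactly a user navigating to the stored file's public endpoint, where an inline `image/svg+xml` response runs script in the application's origin. Second, `data:` is rejected outright even though it also carries harmless inline rasters, since `data:text/html` and `data:image/svg+xml` can carry script; relax that only with an explicit MIME allow-list.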
Qualys Blog (added 2022/12/16 2:34 p.m.)

Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 2

This blog is a continuation of our first blog on implementing risk-based vulnerability management with Qualys TruRisk™. In the first blog, we covered how to correctly tag and categorize assets for accurate risk assessment. Now that you have properly tagged your assets, Qualys TruRisk™ will...

AI score 7.1 | Exploits 0
WPVulnDB (added 2022/11/18 12:00 a.m.)

Plugin for Google Reviews < 2.2.3 - Subscriber+ Widget Creation

The plugin does not perform proper authorisation checks when creating widgets, which could allow users with a role as low as Subscriber to create widgets...

CVSS 4.3 | AI score 4.2 | EPSS 0.00188 | Exploits 0 | Affected Software 1
CNVD (added 2021/01/22 12:00 a.m.)

OpenMage Magento Lts Code Execution Vulnerability

OpenMage Magento LTS is an e-commerce system maintained by OpenMage. A security vulnerability in OpenMage Magento LTS before versions 19.4.10 and 20.0.5 can be exploited by an attacker to remotely execute code, which can be injected into the server by an administrator with the privilege to...

CVSS 8.7 | AI score 7.1 | EPSS 0.01874 | Exploits 0 | References 1
ATTACKERKB (added 2019/09/05 12:00 a.m.)

CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution

Total.js is a Node.js framework for building e-commerce applications, REST services, real-time apps, or apps for the Internet of Things (IoT), etc. Total.js CMS is a Content Management System application that is part of the Total.js framework. A commercial version is also available, and can be seen use...

CVSS 9.9 | AI score 9 | EPSS 0.56909 | Exploits 5 | References 2
Packet Storm (added 2019/09/03 12:00 a.m.)

Totaljs CMS 12.0 Widget Creation Code Injection

Author/Discoverer: Riccardo Krauter @CertimeterGroup
Title: Totaljs CMS Authenticated Code injection on widget creation.
Affected software: Totaljs CMS 12.0
Description: An authenticated user with "widgets" privilege can gain RCE on the remote server by creating a malicious widget with a...

AI score 7.4 | Exploits 0