Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CNNVD
CNNVDadded 2026/02/19 12:0 a.m.3 views

NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability, which stems from an SQL injection vulnerability in the widget API endpoint. This vulnerability could lead to data leaks or the execution of arbitrary...

8.8CVSS6.1AI score0.00037EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/27 12:32 p.m.2 views

EUVD-2025-36162

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS6.4AI score0.0005EPSS
Exploits0References5
NVD
NVDadded 2025/10/27 11:15 a.m.2 views

CVE-2025-12266

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS0.0005EPSS
Exploits0References4
CNNVD
CNNVDadded 2025/10/27 12:0 a.m.2 views

Zytec Central Authentication Service 代码注入漏洞

Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...

6.5CVSS7AI score0.0005EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/10/27 12:0 a.m.2 views

PT-2025-43933

Name of the Vulnerable Software and Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service versions prior to 20251010 Description A code injection issue exists in the Central Authentication Service. The issue is located in the empty function of the /index.php/auth/widget...

6.5CVSS7AI score0.0005EPSS
Exploits0References7
CNNVD
CNNVDadded 2025/08/29 12:0 a.m.1 views

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xportalassembledesigner/jaxrs/widget...

5.4CVSS4.4AI score0.00078EPSS
Exploits1References7
Positive Technologies
Positive Technologiesadded 2024/10/01 12:0 a.m.1 views

PT-2024-31860 · Pagekit · Pagekit

Name of the Vulnerable Software and Affected Versions: Pagekit version 1.0.18 Description: The issue is related to Cross Site Scripting XSS in the "index.php/admin/site/widget" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users who visit...

5.3CVSS5.8AI score0.00209EPSS
Exploits1References9
Rows per page
Query Builder