8 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-51060

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 8.7 | EPSS 0.01684
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 8:00 a.m., 4 views

CVE-2024-6826

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file...

CVSS 6.5 | AI score 6.5 | EPSS 0.00136
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/06 3:58 a.m., 7 views

CVE-2021-39181

OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course), any class on the Java classpath can be instantiated, including Spring AOP bean factories. This can be used to execute arbitrary code by the...

CVSS 8.8 | AI score 7.4 | EPSS 0.00546
Exploits: 0 | References: 1

Cvelist
added 2025/01/04 7:24 a.m., 18 views

CVE-2024-12701 WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | EPSS 0.01684
Exploits: 0 | References: 4

Ivanti
added 2023/02/14 7:22 a.m., 10 views

SA44800 - 2021-05: Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability was discovered under Pulse Connect Secure (PCS). This includes a buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user...

CVSS 9 | AI score 7.9 | EPSS 0.22676
Exploits: 0

wpexploit
added 2022/11/08 12:00 a.m., 534 views

Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. 1. Navigate to: Appearance Import Demo Content Theme Demo Importer Manually upload the demo files 2. Use the XML file...

AI score 0.2 | EPSS 0.0056
Exploits: 2

ATTACKERKB
added 2022/07/04 1:15 p.m., 1 view

CVE-2022-2268

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file like PHP, leading to RCE...

CVSS 7.2 | AI score 7.1 | EPSS 0.00956
Exploits: 2 | References: 2

Metasploit
added 2018/01/24 8:47 p.m., 44 views

Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow

This module exploits a buffer overflow in Dup Scout Enterprise v10.4.16 by using the import command option to import a specially crafted XML file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVSS 7.8 | AI score 0.6 | EPSS 0.86559
Exploits: 11