111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.
Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the …
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation …
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads …
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is …
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists …
Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. …
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP …
phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute …
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: …
Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through <= …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce CedCommerce Integration for Good Market ced-good-market-integration allows PHP …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: …
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the …
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component …
Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a …
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were …
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access …
DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) …
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on …
Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url …
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation …
File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of …
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the …
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument …
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation …
A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a …
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such …
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This …
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument …
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of …
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the …
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing …
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. …
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary …
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based …
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The …
WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code …
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
Free website and port scanning — find vulnerabilities before attackers do.