Lucene search
K

252606 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.7AI score0.01782EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday8 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.3AI score0.01782EPSS
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-12240

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS0.00341EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: redis:6 security update

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5CVSS7.3AI score0.15831EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday69 views

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

7.8CVSS7.2AI score0.0132EPSS
Exploits2
Nuclei
Nuclei
added yesterday29 views

Member Hero <=1.0.9 - Remote Code Execution

WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...

9.8CVSS7.8AI score0.09105EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday141 views

ISPConfig - PHP Code Injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled. id: CVE-2023-46818 info: name: ISPConfig - PHP Code Injection author: non-things severity: high description: | An issue was discovered...

7.2CVSS7.1AI score0.13894EPSS
Exploits14References4
Nuclei
Nuclei
added yesterday34 views

WordPress DZS Zoomsounds <=6.50 - Local File Inclusion

WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...

7.5CVSS7.2AI score0.66543EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday186 views

XWiki < 4.10.20 - Remote code execution

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a close...

10CVSS7.7AI score0.3452EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday335 views

Codoforum 5.1 - Arbitrary File Upload

Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain...

7.2CVSS7.2AI score0.24939EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday25 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02829EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday42 views

Atmail 6.5.0 - Cross-Site Scripting

Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. id: CVE-2021-43574 info: name: Atmail 6.5.0 - Cross-Site Scripting...

6.1CVSS6.4AI score0.02422EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday47 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.2AI score0.16175EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday33 views

vRealize Operations Manager API - Server-Side Request Forgery

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. id: CVE-2021-21975 info: name: vRealize Operation...

8.5CVSS7.7AI score0.78435EPSS
Exploits12References3
Nuclei
Nuclei
added yesterday46 views

Bitrix Site Manager - Remote Code Execution

In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. id: CVE-2022-27228 info: name: Bitrix Site Manager - Remote Code Execution author: theamanrawat severity: critical description: In the vote aka "Polls, Votes...

10CVSS7.6AI score0.20318EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday28 views

PrestaShop - SQL Injection to Eval Injection

PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...

9.8CVSS7.3AI score0.05071EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday37 views

WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

9.8CVSS7.8AI score0.04493EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday40 views

TP-Link - OS Command Injection

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...

10CVSS8.1AI score0.7747EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday38 views

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

9CVSS7.5AI score0.42935EPSS
Exploits8References5
Rows per page
Query Builder