Lucene search
+L

222338 matches found

nuclei
nuclei
added 12 hours ago138 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7AI score0.58373EPSS
Exploits6References4
nuclei
nuclei
added 12 hours ago74 views

Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting

Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. id: CVE-2018-19877 info: name: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting author: arafatansari severity: medium description: | Adiscon LogAnalyzer before 4.1.7...

6.1CVSS6.4AI score0.18563EPSS
Exploits5References4
nuclei
nuclei
added 12 hours ago72 views

Wavlink WN-533A8 - Cross-Site Scripting

Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the loginpage parameter. id: CVE-2022-34048 info: name: Wavlink WN-533A8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Wavlink WN-533A8 M33A8.V5030.190716 contains a...

6.1CVSS6.4AI score0.0509EPSS
Exploits4References5
nuclei
nuclei
added 12 hours ago85 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.8AI score0.88874EPSS
Exploits0References5
nuclei
nuclei
added 12 hours ago59 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
nuclei
nuclei
added 12 hours ago91 views

WBCE CMS v1.5.4 - Remote Code Execution

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. id: CVE-2022-46020 info: name: WBCE CMS v1.5.4 - Remote Code Execution author: theamanrawat severity: critical description: | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. impact: | Successful...

9.8CVSS7AI score0.38953EPSS
Exploits1References3
nuclei
nuclei
added 12 hours ago154 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.01084EPSS
Exploits1References2
nuclei
nuclei
added 12 hours ago42 views

Casdoor 1.13.0 - Unauthenticated SQL Injection

Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations. id: CVE-2022-24124 info: name: Casdoor 1.13.0 - Unauthenticated SQL Injection...

7.5CVSS7AI score0.58927EPSS
Exploits9References5
nuclei
nuclei
added 12 hours ago280 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

6.1CVSS6.5AI score0.0608EPSS
Exploits3References5
nuclei
nuclei
added 12 hours ago46 views

Dairy Farm Shop Management System 1.0 - SQL Injection

Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context ...

9.8CVSS7.1AI score0.19478EPSS
Exploits1References5
nuclei
nuclei
added 12 hours ago111 views

Omnia MPX 1.5.0+r1 - Local File Inclusion

Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...

9.8CVSS7AI score0.09572EPSS
Exploits1References4
nuclei
nuclei
added 12 hours ago91 views

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

7.1CVSS6.8AI score0.02298EPSS
Exploits1References4
nuclei
nuclei
added 12 hours ago14 views

WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

9.8CVSS6.6AI score0.09901EPSS
Exploits1References2
nuclei
nuclei
added 12 hours ago73 views

Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. id: CVE-2025-32813 info: name: Infoblox NetMRI 7.6.1 - Unauthenticated Command Injection in getsamlrequest author: iamnoooob,pdresearch severity: high description: | An issue was discovere...

7.2CVSS7AI score0.44196EPSS
Exploits0References2
nuclei
nuclei
added 12 hours ago62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7AI score0.03948EPSS
Exploits6References3
nuclei
nuclei
added 12 hours ago109 views

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting

ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. id: CVE-2021-46387 info: name: Zyxel ZyWALL 2...

6.1CVSS6.5AI score0.21028EPSS
Exploits4References5
nuclei
nuclei
added 12 hours ago93 views

TOTOLink - Unauthenticated Command Injection

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter. id: CVE-2022-25082 info: name: TOTOLink -...

9.8CVSS7.2AI score0.15673EPSS
Exploits1References3
nuclei
nuclei
added 12 hours ago154 views

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlistsync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

9.8CVSS7.1AI score0.28724EPSS
Exploits1References5
nuclei
nuclei
added 12 hours ago77 views

Confluence - Remote Code Execution

Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. id: CVE-2022-26134 info: name: Confluence - Remote Code Execution author: pdteam,jbertman severity: critical description: | Confluence Server and Data Center is susceptible to an...

9.8CVSS7.5AI score0.99999EPSS
Exploits76References5
nuclei
nuclei
added 12 hours ago64 views

SolarView Compact 6.00 - Local File Inclusion

SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files. id: CVE-2022-29298 info: name: SolarView Compact 6.00 - Local File Inclusion author: ritikchaddha severity: high description: SolarView Compact 6.00 is vulnerable to local file...

7.5CVSS7AI score0.45256EPSS
Exploits3References5
Rows per page
Query Builder