CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

220431 matches found

Joomla! Component com_cartweberp - Local File Inclusion

A directory traversal vulnerability in the CARTwebERP comcartweberp component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0982 info: name: Joomla! Component comcartweberp - Local File Inclusion author:...

4.3CVSS5.5AI score0.06187EPSS

Exploits1References2

Nuclei•added 13 hours ago•29 views

Joomla! Component com_biblestudy - Local File Inclusion

A directory traversal vulnerability in the Bible Study combiblestudy component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter in a studieslist action to index.php. id: CVE-2010-0157 info: name: Joomla! Component...

7.5CVSS5.7AI score0.12969EPSS

Exploits1References4

Nuclei•added 13 hours ago•30 views

WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion

WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter. id: CVE-2018-16059 info: name: WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion author: daffainfo severity: medium description: WirelessHART Fieldgate SWG70 3.0 is vulnerabl...

5.3CVSS5.6AI score0.29816EPSS

Exploits1References5

Nuclei•added 13 hours ago•23 views

Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task. id: CVE-2015-4074 info: name: Joomla! Helpdesk Pro plugin 1.4.0 - Local File...

7.5CVSS7.8AI score0.5651EPSS

Exploits5References5

Nuclei•added 13 hours ago•42 views

Netsweeper - Authentication Bypass

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. id: CVE-2014-9618 info: name: Netsweeper - Authentication...

9.8CVSS8.7AI score0.73312EPSS

Exploits3References5

Nuclei•added 13 hours ago•27 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...

4.8CVSS5.5AI score0.01514EPSS

Exploits5References4

Nuclei•added 13 hours ago•31 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...

4.8CVSS5.4AI score0.04448EPSS

Exploits6References4

Nuclei•added 13 hours ago•27 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. id: CVE-2018-19752 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through 4.11.01 contains a...

4.8CVSS5.5AI score0.03316EPSS

Exploits6References4

Nuclei•added 13 hours ago•15 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...

4.8CVSS5.4AI score0.04448EPSS

Exploits5References4

Nuclei•added 13 hours ago•20 views

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

6.1CVSS6.1AI score0.08864EPSS

Exploits5References5

Nuclei•added 13 hours ago•15 views

HotelDruid 2.3.0 - Cross-Site Scripting

HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mesefine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizzatabelle.php. id: CVE-2019-8937 info: name: HotelDruid 2.3.0 - Cross-Site Scripting author: LogicalHunte...

6.1CVSS5.8AI score0.1068EPSS

Exploits5References5

Nuclei•added 13 hours ago•320 views

Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery

WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery. id: CVE-2019-8982 info: name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request...

9.6CVSS8.4AI score0.25563EPSS

Exploits1References5

Nuclei•added 13 hours ago•20 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS8.5AI score0.36114EPSS

Exploits1References5

Nuclei•added 13 hours ago•13 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...

8.8CVSS8AI score0.10808EPSS

Exploits1References5

Nuclei•added 13 hours ago•22 views

PHPGurukul Hospital Management System - Cross-Site Scripting

PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...

6.1CVSS6.3AI score0.0552EPSS

Exploits3References5

Nuclei•added 13 hours ago•28 views

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...

6.1CVSS5.7AI score0.01905EPSS

Exploits2References5

Nuclei•added 13 hours ago•80 views

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

9.8CVSS8.9AI score0.60377EPSS

Exploits9References5

Nuclei•added 13 hours ago•39 views

IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter. id: CVE-2020-8512 info: name: IceWarp WebMail Server =11.4.4.2 or apply the vendor-provided patch to mitigate the vulnerability. reference: -...

6.1CVSS5.8AI score0.14834EPSS

Exploits5References5

Nuclei•added 13 hours ago•18 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7.3AI score0.20839EPSS

Exploits2References5

Nuclei•added 13 hours ago•30 views

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

7.5CVSS7.6AI score0.52332EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by