24 matches found

Nuclei
added 17 hours ago, 35 views

Zyxel ZyWall UAG/USG - Account Creation Access

Zyxel UAG, USG, and ZyWall devices allow a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks. id: CVE-2019-12583 info: name: Zyxel ZyWall UAG/USG - Account Creation...

9.1 CVSS, 7.8 AI score, 0.59063 EPSS
Exploits 1, References 5

Nuclei
added 17 hours ago, 26 views

DokuWiki - Cross-Site Scripting

DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1 CVSS, 6.9 AI score, 0.01334 EPSS
Exploits 1, References 3

Circl
added 2025/11/08 5:53 a.m., 7 views

CVE-2025-12583

creationtimestamp | type | source
---|---|---
2025-11-08 05:53:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m53vomuei52b...

6.4 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/08/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-12583

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php. CVE-2017-12583 Note that Nessus relies on the presence of the...

6.1 CVSS, 6.6 AI score, 0.01334 EPSS
Exploits 1, References 2

RedhatCVE
added 2025/05/22 10:35 a.m., 5 views

CVE-2019-12583

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service...

9.1 CVSS, 7 AI score, 0.59063 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/02/05 10:35 a.m., 3 views

CVE-2024-12583

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9 CVSS, 9.6 AI score, 0.1192 EPSS
Exploits 0, References 1

NVD
added 2025/01/04 9:15 a.m., 4 views

CVE-2024-12583

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9 CVSS, 0.1192 EPSS
Exploits 0, References 3

Circl
added 2025/01/04 8:23 a.m., 3 views

CVE-2024-12583

creationtimestamp | type | source
---|---|---
2025-01-04 08:23:51+00:00 | seen | https://infosec.exchange/users/cve/statuses/113769121406411898
2025-01-04 10:34:41+00:00 | seen | https://t.me/cvedetector/14270
2025-01-07 03:42:43+00:00 | seen | ...

9.9 CVSS, 8.9 AI score, 0.1192 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/01/04 8:22 a.m., 7 views

CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9 CVSS, 9.6 AI score, 0.1192 EPSS
Exploits 0, References 3

Cvelist
added 2025/01/04 8:22 a.m., 54 views

CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9 CVSS, 0.1192 EPSS
Exploits 0, References 3

Tenable Nessus
added 2024/08/13 12:0 a.m., 38 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12583)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12583 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879158 CVE-2024-41090 CVE-2024-41091 Tenable has extracted the preceding descripti...

7.1 CVSS, 6.9 AI score, 0.00015 EPSS
Exploits 0, References 3

Circl
added 2024/01/15 11:31 a.m., 2 views

CVE-2019-12583

creationtimestamp | type | source
---|---|---
2024-01-15 11:31:09+00:00 | seen | https://t.me/arpsyndicate/2779...

9.1 CVSS, 8.6 AI score, 0.59063 EPSS
Exploits 1, References 1

NVD
added 2022/12/30 10:15 p.m., 5 views

CVE-2020-12583

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

Exploits 0

CVE
added 2019/06/27 2:1 p.m., 73 views

CVE-2019-12583

The connected nuclei template confirms a concrete vulnerability in Zyxel ZyWall UAG/USG devices’ Free Time component: a remote attacker can access the account generator to create guest accounts. This is a direct access control failure that can lead to unauthorized network access or Denial of Serv...

9.1 CVSS, 9 AI score, 0.59063 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/06/27 2:1 p.m., 19 views

CVE-2019-12583

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service...

9.2 AI score, 0.59063 EPSS
Exploits 1, References 2

CVE
added 2018/06/19 6:0 p.m., 32 views

CVE-2018-12583

AKCMS 6.1 is affected by a cross-site request forgery (CSRF) that can delete articles via the admincp deleteitem action to index.php. The vulnerability is described in CVE-2018-12583 and corroborated by CNVD-2018-14261 and related records, which state an attacker could exploit CSRF to delete arti...

6.5 CVSS, 6.4 AI score, 0.00117 EPSS
Exploits 1, References 2, Affected Software 1

OSV
added 2017/08/06 3:29 a.m., 0 views

UBUNTU-CVE-2017-12583

DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php...

6.1 CVSS, 6.7 AI score, 0.01334 EPSS
Exploits 1, References 3

OSV
added 2017/08/06 3:29 a.m., 18 views

CVE-2017-12583

DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php...

6.1 CVSS, 5.8 AI score
Exploits 0, References 1

CVE
added 2017/08/06 3:0 a.m., 76 views

CVE-2017-12583

DokuWiki (affected up to 2017-02-19b) has a cross-site scripting vulnerability in the DATE_AT parameter to doku.php. The issue allows an attacker to inject arbitrary JavaScript into a victim’s browser, potentially stealing cookies or session data. Exploitation details are consistent across multiple...

6.1 CVSS, 6 AI score, 0.01334 EPSS
Exploits 1, References 1, Affected Software 1

Debian CVE
added 2017/08/06 3:0 a.m., 16 views

CVE-2017-12583

DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php...

6.1 CVSS, 6.3 AI score, 0.01334 EPSS
Exploits 1