Lucene search
+L

26 matches found

Nuclei
Nuclei
added yesterday64 views

DokuWiki - Cross-Site Scripting

DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.9AI score0.03253EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago48 views

Zyxel ZyWall UAG/USG - Account Creation Access

Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks. id: CVE-2019-12583 info: name: Zyxel ZyWall UAG/USG - Account Creation...

9.1CVSS7.1AI score0.43926EPSS
Exploits1References5
Circl
Circl
added 4 days ago6 views

CVE-2026-12583

creationtimestamp| type| source ---|---|--- 2026-07-14 07:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116917156404370712 2026-07-14 07:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqlora4oen23 2026-07-14 09:25:26+00:00| seen|...

8.1CVSS6.1AI score0.00326EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-12583

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS0.00326EPSS
Exploits0References1
Circl
Circl
added 2025/11/08 5:53 a.m.19 views

CVE-2025-12583

creationtimestamp| type| source ---|---|--- 2025-11-08 05:53:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m53vomuei52b...

6.4CVSS5.8AI score0.0021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12583

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php. CVE-2017-12583 Note that Nessus relies on the presence of the...

6.1CVSS6.6AI score0.03253EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 a.m.8 views

CVE-2019-12583

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service...

9.1CVSS7AI score0.43926EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:35 a.m.5 views

CVE-2024-12583

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9CVSS9.6AI score0.01393EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 9:15 a.m.7 views

CVE-2024-12583

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9CVSS0.01393EPSS
Exploits0References3
Circl
Circl
added 2025/01/04 8:23 a.m.6 views

CVE-2024-12583

creationtimestamp| type| source ---|---|--- 2025-01-04 08:23:51+00:00| seen| https://infosec.exchange/users/cve/statuses/113769121406411898 2025-01-04 10:34:41+00:00| seen| https://t.me/cvedetector/14270 2025-01-07 03:42:43+00:00| seen|...

9.9CVSS8.9AI score0.01393EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/04 8:22 a.m.111 views

CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9CVSS0.01393EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/04 8:22 a.m.8 views

CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it...

9.9CVSS9.6AI score0.01393EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/08/13 12:0 a.m.38 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12583)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12583 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879158 CVE-2024-41090 CVE-2024-41091 Tenable has extracted the preceding descripti...

7.1CVSS6.9AI score0.00254EPSS
Exploits0References3
Circl
Circl
added 2024/01/15 11:31 a.m.8 views

CVE-2019-12583

creationtimestamp| type| source ---|---|--- 2024-01-15 11:31:09+00:00| seen| https://t.me/arpsyndicate/2779...

9.1CVSS8.6AI score0.43926EPSS
Exploits1References1
NVD
NVD
added 2022/12/30 10:15 p.m.8 views

CVE-2020-12583

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

Exploits0
Cvelist
Cvelist
added 2019/06/27 2:1 p.m.36 views

CVE-2019-12583

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service...

9.2AI score0.43926EPSS
Exploits1References2
CVE
CVE
added 2019/06/27 2:1 p.m.83 views

CVE-2019-12583

The connected nuclei template confirms a concrete vulnerability in Zyxel ZyWall UAG/USG devices’ Free Time component: a remote attacker can access the account generator to create guest accounts. This is a direct access control failure that can lead to unauthorized network access or Denial of Serv...

9.1CVSS9AI score0.43926EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/06/19 6:0 p.m.36 views

CVE-2018-12583

AKCMS 6.1 is affected by a cross-site request forgery (CSRF) that can delete articles via the admincp deleteitem action to index.php. The vulnerability is described in CVE-2018-12583 and corroborated by CNVD-2018-14261 and related records, which state an attacker could exploit CSRF to delete arti...

6.5CVSS6.4AI score0.00484EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/08/06 3:29 a.m.5 views

UBUNTU-CVE-2017-12583

DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php...

6.1CVSS6.7AI score0.03253EPSS
Exploits1References3
OSV
OSV
added 2017/08/06 3:29 a.m.21 views

CVE-2017-12583

DokuWiki through 2017-02-19b has XSS in the at parameter aka the DATEAT variable to doku.php...

6.1CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder