
35824 matches found

Nuclei
added 10 hours ago, 47 views

Nordex NC2 - Cross-Site Scripting

Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

CVSS 6.1, AI score 6.1, EPSS 0.12042
Exploits: 1, References: 4

Nuclei
added 10 hours ago, 17 views

ResourceSpace - Local File inclusion

ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. id: CVE-2015-3648 info: name: ResourceSpace - Local File inclusion author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion...

CVSS 7.5, AI score 5.8, EPSS 0.08083
Exploits: 3, References: 5

Nuclei
added 10 hours ago, 31 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1)...

CVSS 9.4, AI score 5.9, EPSS 0.39797
Exploits: 6, References: 5

Nuclei
added 10 hours ago, 38 views

Combodo iTop <2.2.0-2459 - Cross-Site Scripting

Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. id: CVE-2015-6544 info: name: Combodo iTop <2.2.0-2459 - Cross-Site Scripting author:...

CVSS 6.1, AI score 6.4, EPSS 0.05562
Exploits: 3, References: 4

Nuclei
added 10 hours ago, 50 views

Atlassian Confluence <5.8.17 - Information Disclosure

Atlassian Confluence before 5.8.17 contains an information disclosure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...

CVSS 4.3, AI score 6, EPSS 0.61114
Exploits: 5, References: 3

Nuclei
added 10 hours ago, 49 views

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) mapwidth, (4) mapheight, or (5) zoom (Map Zoom) parameters i...

CVSS 6.8, AI score 5.8, EPSS 0.03859
Exploits: 2, References: 5

Nuclei
added 10 hours ago, 27 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

CVSS 4.3, AI score 5.9, EPSS 0.1404
Exploits: 1, References: 4

Nuclei
added 10 hours ago, 24 views

WordPress MyPixs <=0.3 - Local File Inclusion

WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. id: CVE-2015-1000012 info: name: WordPress MyPixs =0.4 or apply the vendor-provided patch to fix the LFI vulnerability. reference: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 -...

CVSS 7.5, AI score 7.2, EPSS 0.09325
Exploits: 2, References: 5

Nuclei
added 10 hours ago, 61 views

Bonita BPM Portal <6.5.3 - Local File Inclusion

Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal <6.5.3 - Local File Inclusion author: 0xAkoko severity:...

CVSS 5, AI score 6.6, EPSS 0.17681
Exploits: 5, References: 5

Nuclei
added 10 hours ago, 68 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

CVSS 9.8, AI score 7.7, EPSS 0.41478
Exploits: 3, References: 3

Nuclei
added 10 hours ago, 27 views

NewStatPress <=1.0.4 - Cross-Site Scripting

WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nspsearch.php", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the output...

CVSS 6.1, AI score 6.2, EPSS 0.01879
Exploits: 1, References: 5

Nuclei
added 10 hours ago, 24 views

WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting

WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability. id: CVE-2015-6920 info: name: WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting...

CVSS 4.3, AI score 5.7, EPSS 0.03265
Exploits: 1, References: 4

Nuclei
added 10 hours ago, 89 views

Umbraco <7.4.0 - Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco <7.4.0 - Server-Side Request...

CVSS 8.2, AI score 7.4, EPSS 0.11595
Exploits: 1, References: 5

Nuclei
added 10 hours ago, 38 views

Geddy <13.0.8 - Local File Inclusion

Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. id: CVE-2015-5688 info: name: Geddy <13.0.8 - Local File Inclusion author:...

CVSS 5, AI score 7.5, EPSS 0.09385
Exploits: 1, References: 5

Nuclei
added 10 hours ago, 17 views

WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version <= 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint. This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

CVSS 9.8, AI score 7.7, EPSS 0.14775
Exploits: 1, References: 3

Nuclei
added 10 hours ago, 15 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus < 2.3 - Directory Traversal...

CVSS 7.5, AI score 7.3, EPSS 0.55008
Exploits: 1, References: 4

OSV
added 2 days ago, 4 views

ROOT-OS-UBUNTU-2404-CVE-2015-8553 CVE-2015-8553 in rootio-linux - Patched by Root

Root has patched CVE-2015-8553 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 6.5, AI score 5.4, EPSS 0.00381
Exploits: 0

OSV
added 2 days ago, 3 views

ROOT-OS-UBUNTU-2404-CVE-2015-7837 CVE-2015-7837 in rootio-linux - Patched by Root

Root has patched CVE-2015-7837 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5, AI score 8.3, EPSS 0.00405
Exploits: 0

OSV
added 2 days ago, 4 views

ROOT-OS-UBUNTU-2204-CVE-2015-8553 CVE-2015-8553 in rootio-linux - Patched by Root

Root has patched CVE-2015-8553 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

CVSS 6.5, AI score 7.9, EPSS 0.00381
Exploits: 0

OSV
added 2 days ago, 5 views

ROOT-OS-UBUNTU-2204-CVE-2015-7837 CVE-2015-7837 in rootio-linux - Patched by Root

Root has patched CVE-2015-7837 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

CVSS 5.5, AI score 8.2, EPSS 0.00405
Exploits: 0