
35783 matches found

GithubExploit
added yesterday, 29 views

Exploit for Improper Access Control in Proftpd

OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-W...

CVSS 10, AI score 6.2, EPSS 0.93681
Exploits 21

OSV
added yesterday, 3 views

ROOT-OS-UBUNTU-2404-CVE-2015-7837 CVE-2015-7837 in rootio-linux - Patched by Root

Root has patched CVE-2015-7837 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5, AI score 8.3, EPSS 0.00073
Exploits 0

OSV
added yesterday, 3 views

ROOT-OS-UBUNTU-2404-CVE-2015-8553 CVE-2015-8553 in rootio-linux - Patched by Root

Root has patched CVE-2015-8553 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 6.5, AI score 5.4, EPSS 0.00273
Exploits 0

Nuclei
added yesterday, 34 views

Combodo iTop <2.2.0-2459 - Cross-Site Scripting

Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. id: CVE-2015-6544 info: name: Combodo iTop <2.2.0-2459 - Cross-Site Scripting author:...

CVSS 6.1, AI score 6.4, EPSS 0.27671
Exploits 3, References 4

Nuclei
added yesterday, 14 views

ResourceSpace - Local File inclusion

ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. id: CVE-2015-3648 info: name: ResourceSpace - Local File inclusion author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion...

CVSS 7.5, AI score 5.8, EPSS 0.51684
Exploits 3, References 5

Nuclei
added yesterday, 43 views

Nordex NC2 - Cross-Site Scripting

Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

CVSS 6.1, AI score 6, EPSS 0.19026
Exploits 1, References 4

Nuclei
added yesterday, 19 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

CVSS 4.3, AI score 5.8, EPSS 0.01944
Exploits 1, References 4

Nuclei
added yesterday, 9 views

WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting

WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability. id: CVE-2015-6920 info: name: WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting...

CVSS 4.3, AI score 5.6, EPSS 0.00306
Exploits 1, References 4

Nuclei
added yesterday, 28 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

CVSS 9.4, AI score 5.8, EPSS 0.38604
Exploits 6, References 5

Nuclei
added yesterday, 30 views

Joomla! Core SQL Injection

A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. id: CVE-2015-7297 info: name: Joomla! Core SQL Injection author: princechaddha severity: high description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote...

CVSS 7.5, AI score 6.3, EPSS 0.91612
Exploits 8, References 5

Nuclei
added yesterday, 44 views

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the 1 lat Latitude, 2 long Longitude, 3 mapwidth, 4 mapheight, or 5 zoom Map Zoom parameters i...

CVSS 6.8, AI score 5.6, EPSS 0.00828
Exploits 2, References 5

Nuclei
added yesterday, 22 views

NewStatPress <=1.0.4 - Cross-Site Scripting

WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nspsearch.php", several variables from the $GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the output...

CVSS 6.1, AI score 6.2, EPSS 0.01724
Exploits 1, References 5

Nuclei
added 2 days ago, 21 views

WordPress MyPixs <=0.3 - Local File Inclusion

WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. id: CVE-2015-1000012 info: name: WordPress MyPixs =0.4 or apply the vendor-provided patch to fix the LFI vulnerability. reference: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 -...

CVSS 7.5, AI score 7.1, EPSS 0.68585
Exploits 2, References 5

Nuclei
added 2 days ago, 14 views

WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version <= 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint. This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

CVSS 9.8, AI score 7.7, EPSS 0.67891
Exploits 1, References 3

Nuclei
added 3 days ago, 35 views

Bonita BPM Portal <6.5.3 - Local File Inclusion

Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal <6.5.3 - Local File Inclusion author: 0xAkoko severity:...

CVSS 5, AI score 6.5, EPSS 0.54946
Exploits 5, References 5

Nuclei
added 3 days ago, 28 views

Geddy <13.0.8 - Local File Inclusion

Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the PATHINFO to the default URI. id: CVE-2015-5688 info: name: Geddy <13.0.8 - Local File Inclusion author:...

CVSS 5, AI score 7.5, EPSS 0.81089
Exploits 1, References 5

Nuclei
added 3 days ago, 22 views

Atlassian Confluence <5.8.17 - Information Disclosure

Atlassian Confluence before 5.8.17 contains an information disclosure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...

CVSS 4.3, AI score 5.9, EPSS 0.93251
Exploits 5, References 3

Nuclei
added 3 days ago, 41 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

CVSS 9.8, AI score 7.7, EPSS 0.80327
Exploits 3, References 3

Nuclei
added 3 days ago, 83 views

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco <7.4.0- Server-Side Request...

CVSS 8.2, AI score 7.4, EPSS 0.82803
Exploits 1, References 5

Nuclei
added 3 days ago, 28 views

SysAid Help Desk <15.2 - Local File Inclusion

SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. dot dot in the fileName parameter of getGfiUpgradeFile or cause a denial of service CPU and memory consumption via .. dot dot in the fileName paramet...

CVSS 8.5, AI score 5.9, EPSS 0.88235
Exploits 9, References 5