Lucene search
+L

78044 matches found

Nuclei
Nuclei
added 11 hours ago41 views

Babel - Open Redirect

Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. id:...

6.1CVSS6.1AI score0.04059EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago43 views

Timesheet Next Gen <=1.5.3 - Cross-Site Scripting

Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...

6.1CVSS6.2AI score0.043EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago35 views

Joomla! Harmis Messenger 1.2.2 - Local File Inclusion

Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...

7.5CVSS6.5AI score0.1059EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago38 views

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktopurl. id: CVE-2019-14974 info: name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting author: madrobot severity: medium description: SugarCRM Enterprise 9.0.0 contains a...

6.1CVSS5.7AI score0.31043EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago47 views

Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting

Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the errmsg parameter freetimefailed.cgi CGI program, aka reflective cross-site scripting. id: CVE-2019-12581 info: name: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting author: n-thumann...

6.1CVSS5.8AI score0.064EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago61 views

IceWarp Mail Server <=10.4.4 - Local File Inclusion

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. id: CVE-2019-12593 info: name: IceWarp Mail Server =10.4.4 - Local File Inclusion author: pikpikcu severity: high description: | IceWarp Ma...

7.5CVSS7.2AI score0.40965EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago29 views

GrandNode 4.40 - Local File Inclusion

GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. id: CVE-2019-12276 info: name: GrandNode 4.40...

7.5CVSS7.5AI score0.53705EPSS
Exploits4References5
Nuclei
Nuclei
added 11 hours ago35 views

WebPort 1.19.1 - Cross-Site Scripting

Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. id: CVE-2019-12461 info: name: WebPort 1.19.1 - Cross-Site Scripting author: pikpikcu severity: medium description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. impact: |...

6.1CVSS5.7AI score0.09916EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago146 views

WordPress Google Maps <7.11.18 - SQL Injection

WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute...

9.8CVSS8.7AI score0.78699EPSS
Exploits6References5
Nuclei
Nuclei
added 11 hours ago62 views

Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection

Teclib GLPI = 9.3.3 exposes a script /scripts/unlocktasks.php that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. id: CVE-2019-10232 info: name:...

9.8CVSS8.7AI score0.23211EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago61 views

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

6.1CVSS6.1AI score0.09221EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago52 views

Jira < 8.1.1 - Cross-Site Scripting

Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. id: CVE-2019-3402 info: name: Jira 8.1.1 - Cross-Site Scripting author: pdteam severity: medium description: | Jira before 8.1.1 contains a cross-site...

6.1CVSS5.7AI score0.08947EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago88 views

WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting

WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter. id: CVE-2019-20141 info: name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting author: knassar702 severity: medium description: WordPress Laborator Neon them...

6.1CVSS5.8AI score0.05008EPSS
Exploits1References5
Circl
Circl
added yesterday8 views

CVE-2019-13450

creationtimestamp| type| source ---|---|--- 2026-07-18 15:19:21+00:00| seen| https://bsky.app/profile/kay.owo.asia/post/3mqwktddvdc2d...

6.5CVSS5.3AI score0.03523EPSS
Exploits1References1
Circl
Circl
added yesterday6 views

CVE-2019-17424

creationtimestamp| type| source ---|---|--- 2026-07-18 15:00:05+00:00| seen| https://t.me/reverseame/46 2026-07-19 00:00:11+00:00| published-proof-of-concept| https://t.me/reverseame/46...

7.8CVSS7.8AI score0.13426EPSS
Exploits7References1
Nuclei
Nuclei
added yesterday52 views

Jira - Local File Inclusion

Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion. id: CVE-2019-8442 info: name: Jira - Local File Inclusion author:...

7.5CVSS7.3AI score0.59832EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday30 views

YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

10CVSS8.4AI score0.30174EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday262 views

ZZZCMS 1.6.1 - Remote Code Execution

ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzztemplate.php file because the parserIfLabel function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring. id: CVE-2019-9041 info: name: ZZZCMS 1.6.1 - Remote Code Execution...

7.2CVSS8.2AI score0.31421EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday13 views

IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection

IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...

10CVSS8.5AI score0.86441EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday111 views

Harbor <=1.82.0 - Privilege Escalation

Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. id: CVE-2019-16097...

6.5CVSS5.8AI score0.23284EPSS
Exploits5References5
Rows per page
Query Builder