Lucene search
K

160105 matches found

OSV
OSV
added yesterday3 views

ROOT-APP-PYPI-CVE-2023-30798 CVE-2023-30798 in rootio-starlette - Patched by Root

Root has patched CVE-2023-30798 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01288EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-OS-DEBIAN-12-CVE-2023-5388 CVE-2023-5388 in rootio-nss - Patched by Root

Root has patched CVE-2023-5388 in the rootio-nss package for Root:Debian:12. Multiple fixed versions available...

6.5CVSS8.2AI score0.00816EPSS
Exploits0
Nuclei
Nuclei
added yesterday97 views

PHPIPAM <v1.5.1 - Missing Authorization

In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify if the user i...

7.5CVSS6.7AI score0.37304EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday104 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-45542 info: name: MooSocial 3.1.8 - Cross-Site Scripting author...

6.1CVSS6.4AI score0.01635EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday120 views

Essential Blocks < 4.4.3 - Local File Inclusion

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...

9.8CVSS7AI score0.50673EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday55 views

Bank Locker Management System v1.0 - SQL Injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. id: CVE-2023-0562 info:...

9.8CVSS6.7AI score0.44268EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday109 views

vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verifyserialized checks that a value is serialized by calling unserialize and then checking for errors. id: CVE-2023-25135...

9.8CVSS7.3AI score0.23926EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday12 views

WordPress File Manager <= 7.2.1 - Directory Traversal

File Manager and File Manager Pro plugins for WordPress versions up to 7.2.1 and 8.3.4 contain a directory traversal caused by the 'target' parameter in mkfilefoldermanageractioncallbackshortcode, letting attackers read arbitrary files and upload files outside designated directories, exploit...

9.9CVSS7.1AI score0.06009EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday109 views

Copyparty <= 1.8.2 - Directory Traversal

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This...

7.5CVSS6.9AI score0.42828EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday36 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS6.7AI score0.03766EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday49 views

Qualitor <= 8.20 - Remote Code Execution

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. id: CVE-2023-47253 info: name: Qualitor = 8.20 - Remote Code Execution author: s4e-io severity: critical description: |...

9.8CVSS7.3AI score0.14422EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday107 views

SolarView Compact < 6.00 - Directory Traversal

SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...

7.5CVSS7AI score0.02885EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday287 views

Oracle Peoplesoft - Unauthenticated File Read

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component- Portal. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

7.5CVSS7AI score0.74469EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday131 views

SolarView Compact <= 6.00 - Local File Inclusion

There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php id: CVE-2023-29919 info: name: SolarView Compact = 6.00 - Local File Inclusion author: For3stCo1d severity: critical description: | There is ...

9.8CVSS7.1AI score0.60221EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday43 views

Cellinx NVT Web Server - Local File Disclosure

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. id: CVE-2023-23063 info: name: Cellinx NVT Web Server - Local File Disclosure author: daffainfo severity: high description: | Cellinx NVT v1.0.6.002b was discover...

7.5CVSS6.9AI score0.02431EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday66 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.2AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday51 views

phpMyFAQ < 3.2.0 - Cross-site Scripting

Cross-site Scripting XSS Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. id: CVE-2023-5863 info: name: phpMyFAQ ' - 'phpMyFAQ' condition: and - type: word part: header words: - "text...

7.4CVSS6.7AI score0.01105EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday186 views

DCBI-Netlog-LAB v1.0 - Command Injection

An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. id: CVE-2023-26802 info: name: DCBI-Netlog-LAB v1.0 - Command Injection author: pussycat0x...

9.8CVSS7.2AI score0.4871EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday46 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS7.2AI score0.01646EPSS
Exploits1References2
Rows per page
Query Builder