Lucene search
K

204141 matches found

Nuclei
Nuclei
added yesterday33 views

MLFlow < 2.8.1 - Sensitive Information Disclosure

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. id: CVE-2023-43472 info: name: MLFlow 2.8.1 - Sensitive Information Disclosure author: ritikchaddha severity: high description: | An issue in MLFlow versions...

7.5CVSS7.1AI score0.36582EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday109 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS6.9AI score0.13751EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday52 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS6.1AI score0.28961EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday32 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
Nuclei
Nuclei
added yesterday35 views

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter. id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK severity: high description: | SQL injection vulnerability in f-logic...

9.8CVSS6AI score0.1942EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday39 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS7.3AI score0.08147EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday79 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

9.8CVSS7.2AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday49 views

Traefik - Open Redirect

Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...

6.1CVSS6AI score0.08011EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday131 views

CRMEB v.5.2.2 - SQL Injection

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. id: CVE-2024-36837 info: name: CRMEB v.5.2.2 - SQL Injection author: DhiyaneshDk severity: high description: | SQL Injection...

7.5CVSS6.1AI score0.08306EPSS
Exploits2References2
NVD
NVD
added yesterday8 views

CVE-2026-14786

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function rstrwordget0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be use...

5.5CVSS0.00113EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-55952

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access affected versions not specified Description A critical pre-authentication issue exists in the authentication subsystem. Improper validation of authentication data allows a...

9.2CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-56002

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description An issue exists when the crawler saves downloaded files, as the destination filename is derived from attacker-influenced input and joined to the downloads directory without proper confinement. This...

9.6CVSS6.5AI score
Exploits1References4
Tenable Nessus
Tenable Nessus
added yesterday3 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the 'Motion Control Diagnostics' page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS7.2AI score0.0037EPSS
Exploits0References3
NVD
NVD
added 2 days ago9 views

CVE-2026-59510

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...

7.1CVSS0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-53361

A flaw was found in the Linux kernel's afunix component. A race condition exists within the unixgc garbage collection function where the gcinprogress flag may not be correctly set. This could lead to unixpeekfpl misinterpreting garbage collection status when handling MSGPEEK operations, potential...

7CVSS5.9AI score0.00171EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago37 views

Cisco RV110W RV130W RV215W Router - Information leakage

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...

5.3CVSS6.2AI score0.40951EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago71 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.4AI score0.57735EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago59 views

Progress Telerik Report Server - Authentication Bypass

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. id: CVE-2024-4358 info: name: Progress Telerik Report Server - Authenticatio...

9.9CVSS7.4AI score0.97482EPSS
Exploits14References3
Nuclei
Nuclei
added 2 days ago235 views

Reflected XSS - Telerik Reporting Module

Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...

6.1CVSS7AI score0.09642EPSS
Exploits0References5
Rows per page
Query Builder