CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53963 matches found

OSV•added yesterday•2 views

ROOT-OS-UBUNTU-2404-CVE-2017-13165 CVE-2017-13165 in rootio-linux - Patched by Root

Root has patched CVE-2017-13165 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.8CVSS5.9AI score0.00137EPSS

Exploits0

OSV•added yesterday•3 views

ROOT-OS-UBUNTU-2404-CVE-2017-0537 CVE-2017-0537 in rootio-linux - Patched by Root

Root has patched CVE-2017-0537 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

4.7CVSS5.9AI score0.01046EPSS

Exploits0

OSV•added yesterday•5 views

ROOT-OS-DEBIAN-11-CVE-2017-13693 CVE-2017-13693 in rootio-linux - Patched by Root

Root has patched CVE-2017-13693 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS8.2AI score0.00439EPSS

Exploits0

Nuclei•added yesterday•384 views

MantisBT <=2.30 - Arbitrary Password Reset/Admin Access

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php. id: CVE-2017-7615 THIS TEMPLATE IS ONLY FOR DETECTING To carry out further attacks, please see reference2 below. This template works by guessing user ID. MantisBT...

8.8CVSS7.4AI score0.90856EPSS

Exploits10

Nuclei•added yesterday•27 views

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

5.4CVSS6.7AI score0.04601EPSS

Exploits2References5

Nuclei•added yesterday•33 views

WordPress Qards - Cross-Site Scripting

WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. id: CVE-2017-18598 info: name: WordPress Qards - Cross-Site Scripting author: pussycat0x severity: medium description: WordPress Qards...

6.1CVSS6.3AI score0.01933EPSS

Exploits2References5

Nuclei•added yesterday•14 views

Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal

Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...

5.8CVSS6.5AI score0.0465EPSS

Exploits1References4

Nuclei•added yesterday•19 views

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...

6.1CVSS6.3AI score0.03271EPSS

Exploits0References5

Nuclei•added yesterday•28 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...

6.1CVSS6.5AI score0.08112EPSS

Exploits5References2

Nuclei•added yesterday•51 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.08869EPSS

Exploits5References2

Nuclei•added yesterday•22 views

WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting

WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/addcollectionajaxprocessor.jsp via the collectionName or parentPath parameter. id: CVE-2017-14651 info: name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting author: mass0ma severity: medium...

4.8CVSS6AI score0.03836EPSS

Exploits1References5

Nuclei•added yesterday•30 views

Ulterius Server < 1.9.5.0 - Directory Traversal

Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. id: CVE-2017-16806 info: name: Ulterius Server 1.9.5.0 - Directory Traversal author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allow...

7.5CVSS7.1AI score0.91496EPSS

Exploits6References5

Nuclei•added yesterday•19 views

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...

6.1CVSS6.3AI score0.0141EPSS

Exploits1References4

Nuclei•added yesterday•12 views

Intelbras WRN 150 - Authentication Bypass

Intelbras WRN 150 router is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication and download the router configuration file by manipulating the admin:language cookie. id: CVE-2017-14942 info: name: Intelbras WRN 150 - Authentication Bypass author:...

9.8CVSS6.8AI score0.60857EPSS

Exploits1References2

Nuclei•added yesterday•41 views

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. id: CVE-2017-15363 info: name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local...

7.5CVSS7.3AI score0.13649EPSS

Exploits1References5

Nuclei•added yesterday•75 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.5AI score0.23566EPSS

Exploits0References5

Nuclei•added yesterday•25 views

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.3AI score0.01621EPSS

Exploits1References4

Nuclei•added yesterday•191 views

Primetek Primefaces 5.x - Remote Code Execution

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. id: CVE-2017-1000486 info: name: Primetek Primefaces 5.x - Remote Code Execution author: Moritz Nentwig severity: critical description: Primetek Primefaces 5.x is vulnerable to a weak encryption fl...

9.8CVSS7.8AI score0.94104EPSS

Exploits6References5

Nuclei•added yesterday•10 views

WordPress < 4.8.2 - Authenticated Open Redirect

WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...

5.4CVSS6.7AI score0.02134EPSS

Exploits0References5

Nuclei•added yesterday•37 views

KMCIS CaseAware - Cross-Site Scripting

KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. id: CVE-2017-5631 info: name: KMCIS CaseAware - Cross-Site Scripting author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected...

6.1CVSS6.2AI score0.04487EPSS

Exploits5References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by