Lucene search
K

57960 matches found

OSV
OSV
added yesterday6 views

ROOT-OS-UBUNTU-2404-CVE-2018-12930 CVE-2018-12930 in rootio-linux - Patched by Root

Root has patched CVE-2018-12930 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.8CVSS5.9AI score0.00427EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-OS-UBUNTU-2204-CVE-2018-12931 CVE-2018-12931 in rootio-linux - Patched by Root

Root has patched CVE-2018-12931 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.8CVSS5.4AI score0.00426EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-OS-DEBIAN-13-CVE-2018-12928 CVE-2018-12928 in rootio-linux - Patched by Root

Root has patched CVE-2018-12928 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS7.7AI score0.00401EPSS
Exploits0
Nuclei
Nuclei
added yesterday27 views

SugarCRM 3.5.1 - Cross-Site Scripting

SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string aka a $key variable. id: CVE-2018-5715 info: name: SugarCRM 3.5.1 - Cross-Site Scripting author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site...

6.1CVSS6.2AI score0.06914EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday31 views

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

6.1CVSS6.2AI score0.20457EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday50 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.02285EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday28 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...

4.8CVSS5.9AI score0.03316EPSS
Exploits6References4
Nuclei
Nuclei
added yesterday31 views

WordPress Ninja Forms <3.3.18 - Cross-Site Scripting

WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...

6.1CVSS6.4AI score0.08903EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday30 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. id: CVE-2018-19136 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting v...

6.1CVSS6.5AI score0.06653EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday20 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. id: CVE-2018-19137 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via...

6.1CVSS6.5AI score0.02891EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday25 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7.1AI score0.12851EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday33 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...

4.8CVSS5.9AI score0.04428EPSS
Exploits6References4
Nuclei
Nuclei
added yesterday23 views

FlexPaper/FlowPaper 2.3.6 - Remote Code Execution

The Publish Service in FlexPaper later renamed FlowPaper 2.3.6 allows remote code execution via setup.php and changeconfig.php. id: CVE-2018-11686 info: name: FlexPaper/FlowPaper 2.3.6 - Remote Code Execution author: iamnoooob,pdresearch,pszyszkowski severity: critical description: | The Publish...

9.8CVSS7.9AI score0.49787EPSS
Exploits4References1
Nuclei
Nuclei
added yesterday63 views

Jorani Leave Management System 0.6.5 - Cross-Site Scripting

Persistent cross-site scripting XSS issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. id: CVE-2018-15917 info: name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

5.4CVSS6.1AI score0.06483EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday44 views

Apache Tika < 1.1.8 - Header Command Injection

Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...

9.3CVSS7.2AI score0.93972EPSS
Exploits10References5
Nuclei
Nuclei
added yesterday236 views

Gogs (Go Git Service) 0.11.66 - Remote Code Execution

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. id: CVE-2018-18925 info: name: Go...

9.8CVSS7.7AI score0.31882EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday104 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.7AI score0.0302EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday73 views

Zoho ManageEngine OpManager - SQL Injection

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7.1AI score0.66347EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday30 views

WordPress JSmol2WP <=1.07 - Cross-Site Scripting

WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...

7.5CVSS6.8AI score0.13078EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday163 views

Zeit Next.js < 4.2.3 - Local File Inclusion

Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2018-6184 info: name: Zeit Next.js =4.2...

7.5CVSS7.2AI score0.0923EPSS
Exploits0References5
Rows per page
Query Builder