Lucene search
K

43598 matches found

EUVD
EUVD
added yesterday2 views

EUVD-2026-44542

ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.3CVSS6.5AI score
Exploits0References1
OSV
OSV
added yesterday8 views

ROOT-OS-UBUNTU-2204-CVE-2025-37874 CVE-2025-37874 in rootio-linux - Patched by Root

Root has patched CVE-2025-37874 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.6AI score0.00245EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-OS-UBUNTU-2204-CVE-2024-50277 CVE-2024-50277 in rootio-linux - Patched by Root

Root has patched CVE-2024-50277 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

4.7CVSS7.8AI score0.00187EPSS
Exploits0
Nuclei
Nuclei
added yesterday22 views

UserPro <= 5.1.1 - Authentication Bypass

The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userprofbconnect AJAX action. id: CVE-2023-2437 info: name: UserPro = 5.1.1 - Authentication Bypass author: intelligent-ears severity: critical description: | The UserPro plugin for WordPress through 5.1.1 allows...

9.8CVSS7AI score0.06801EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday46 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS7.2AI score0.01646EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday45 views

WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator- from n/a through 1.0.9. id: CVE-2023-47873 info: name: WordPress WP Child Theme Generator 1.1.3 - Arbitrary File Upload author: cysamu,Crux severity...

9.1CVSS7AI score0.02276EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday123 views

ECTouch v2 - SQL Injection

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...

9.8CVSS7.1AI score0.04109EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.2AI score0.01977EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.1AI score0.01961EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday98 views

Fortinet FortiSandbox - Command Injection

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection caused by improper neutralization of special elements in OS commands, letting attackers execute unauthorized code or commands, exploit requires crafted input. id: CVE-2026-39808 info: name: Fortinet FortiSandbox - Command...

9.8CVSS7.2AI score0.48668EPSS
Exploits6References2
Nuclei
Nuclei
added yesterday6 views

phpBB < 3.3.17 - Authentication Bypass

phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...

9.8CVSS7AI score0.02865EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday22 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS6.1AI score0.01656EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday20 views

WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version = 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint.This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro = 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

9.8CVSS7.2AI score0.14775EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday129 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.2AI score0.03452EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday16 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS6.1AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday8 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

9.8CVSS7.2AI score0.14886EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday18 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6.3AI score0.0306EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday20 views

WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection

ChatBot plugin for WordPress up to 4.8.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data, exploit requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...

9.8CVSS7AI score0.06888EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday94 views

VICIdial - SQL Injection

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. id: CVE-2024-8503 info: name: VICIdial - SQL Injection author: s4e-io severity: critical description:...

9.8CVSS7AI score0.80023EPSS
Exploits12References3
Nuclei
Nuclei
added yesterday38 views

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS7.2AI score0.98067EPSS
Exploits3References2
Rows per page
Query Builder