Lucene search
K

7628 matches found

Nuclei
Nuclei
added 12 hours ago12 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.1AI score0.0203EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago9 views

Heimdall Application Dashboard < 2.7.3 - Reflected XSS

LinuxServer.io Heimdall 2.7.3 contains a stored XSS caused by improper sanitization of the "q" parameter, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2025-54597 info: name: Heimdall Application Dashboard 2.7.3 - Reflected XSS author: 0xAkoko severity: medium...

7.2CVSS6.2AI score0.00565EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago18 views

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

7.2CVSS6.4AI score0.01353EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago19 views

System Dashboard < 2.8.10 - Cross-Site Scripting

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks through header injection, specifically in the X-Forwarded-For header. id: CVE-2023-7246...

5.4CVSS6.1AI score0.00813EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago138 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS7.3AI score0.13035EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago80 views

WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion

WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or...

7.2CVSS7AI score0.05898EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago171 views

Node RED Dashboard <2.26.2 - Local File Inclusion

NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows uibase/js/..%2f directory traversal to read files. id: CVE-2021-3223 info: name: Node RED Dashboard 2.26.2 - Local File Inclusion author: gy741,pikpikcu severity: high description: NodeRED-Dashboard before...

7.5CVSS7AI score0.18512EPSS
Exploits1References5
Chainguard
Chainguard
added 16 hours ago5 views

GHSA-WC69-RHJR-HC9G vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

6.1AI score
Exploits0
Chainguard
Chainguard
added 16 hours ago6 views

CVE-2022-31129 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

7.5CVSS6.7AI score0.04923EPSS
Exploits1
Chainguard
Chainguard
added 16 hours ago5 views

CVE-2022-24785 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

7.5CVSS6.7AI score0.05664EPSS
Exploits0
Chainguard
Chainguard
added 16 hours ago6 views

GHSA-8HFJ-J24R-96C4 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

6.1AI score
Exploits0
Nuclei
Nuclei
added yesterday34 views

Apache APISIX Dashboard <2.10.1 - API Unauthorized Access

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin.' While all APIs and authentication middleware are developed based on framework droplet, some API directly use the interface of framework gin thus bypassing...

9.8CVSS7.1AI score0.85943EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday40 views

Kubernetes Dashboard <1.10.1 - Authentication Bypass

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. id: CVE-2018-18264 info: name: Kubernetes Dashboard 1.10.1 - Authentication Bypass author: edoardottt severity: high description: | Kubernetes...

7.5CVSS7AI score0.70372EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday118 views

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery

The Ray Dashboard API is affected by a Server-Side Request Forgery SSRF vulnerability in the url parameter of the /logproxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid. id: CVE-2023-48023 info:...

9.1CVSS7AI score0.35052EPSS
Exploits1References4
NVD
NVD
added yesterday6 views

CVE-2026-15523

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-43265

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday27 views

CVE-2026-15523 CodeAstro Simple Online Leave Management System dashboard.php sql injection

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-15523

CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2 days ago16 views

CVE-2026-15501

CVE-2026-15501 affects AstrBot (up to version 4.25.2). The vulnerability is in the function ToolsRoute.test_mcp_connection (astrbot/dashboard/routes/tools.py, MCP Test Endpoint), where manipulating mcp_server_config.url leads to server-side request forgery (SSRF). The attack is remotely exploitab...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-15492

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS0.00422EPSS
Exploits0References5
Rows per page
Query Builder