Lucene search
K

593891 matches found

Nuclei
Nuclei
added 14 hours ago19 views

TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution

The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges, exploit requires attacker to send crafted requests. id: CVE-2024-9166 info: name: TitanNit Web Control 2.01/Atemio 7600 - Remot...

9.3CVSS6.1AI score0.01578EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago20 views

LG Supersign EZ CMS - Remote Code Execution

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail. id: CVE-2018-17173 info: name: LG Supersign EZ CMS - Remote Code Execution author: pussycat0x severity: critical description: | LG SuperSign CMS allows remote attackers...

9.8CVSS7.4AI score0.56237EPSS
Exploits9References4
Nuclei
Nuclei
added 14 hours ago42 views

Veeam Backup & Replication - Unauthenticated

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution RCE. id: CVE-2024-40711 info: name: Veeam Backup & Replication - Unauthenticated author: rootxharsh,iamnoooob,DhiyaneshDK severity: critical description: | A deserializati...

9.8CVSS7.5AI score0.88193EPSS
Exploits3References3
Nuclei
Nuclei
added 14 hours ago15 views

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...

9.8CVSS7.2AI score0.0955EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago272 views

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

7.8CVSS7AI score0.0132EPSS
Exploits2
Nuclei
Nuclei
added 14 hours ago182 views

AJ-Report < 1.4.1 - Remote Code Execution

AJ-Report before version 1.4.1 is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server through script engine injection in the validation rul...

9.8CVSS7.3AI score0.51468EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago151 views

Kubio AI Page Builder <= 2.5.1 - Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS7.5AI score0.76761EPSS
Exploits12References3
Nuclei
Nuclei
added 14 hours ago20 views

WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version = 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint.This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro = 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

9.8CVSS7.2AI score0.14775EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago68 views

WordPress RevSlider - Remote Code Execution via File Upload

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an updateplugin...

7.5CVSS6.3AI score0.75256EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago44 views

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS7.4AI score0.04841EPSS
Exploits3References4
Nuclei
Nuclei
added 14 hours ago28 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.9AI score0.31809EPSS
Exploits8References3
Nuclei
Nuclei
added 14 hours ago22 views

Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. id: CVE-2024-3300 info: name: Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization author: iamnoooob,rootxharsh,pdresearc...

9CVSS6.3AI score0.02761EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago145 views

FoxCMS v.1.2.5 - Remote Code Execution

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. id: CVE-2025-29306 info: name: FoxCMS v.1.2.5 - Remote Code Execution author: ritikchaddha severity: critical description: | An issue in FoxCMS v.1.2.5 allows a...

9.8CVSS7.3AI score0.43655EPSS
Exploits11References3
Nuclei
Nuclei
added 14 hours ago23 views

ProjectSend <= r1605 - Improper Authorization

An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...

9.8CVSS7.4AI score0.91559EPSS
Exploits4References3
Nuclei
Nuclei
added 14 hours ago43 views

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.5AI score0.03111EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago36 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

6.8CVSS6.4AI score0.0379EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago22 views

PyArrow Flight RPC - Remote Code Execution

PyArrow Flight RPC from v0.14.0 through v14.0.0 allows remote attackers to execute arbitrary code via a maliciously crafted Python-defined extension type. id: CVE-2023-47248 info: name: PyArrow Flight RPC - Remote Code Execution author: smolse severity: critical description: | PyArrow Flight RPC...

9.8CVSS7AI score0.14414EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago48 views

DocsGPT - Unauthenticated Remote Code Execution

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...

9.3CVSS7.2AI score0.15099EPSS
Exploits3References3
Nuclei
Nuclei
added 14 hours ago94 views

WordPress Button Generator <2.3.3 - Remote File Inclusion

WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions as well as with data:// or http:// protocols, thus leading to cross-site request forgery and remote code execution. id: CVE-2021-25052 info: name: WordPress Button...

8.8CVSS7.2AI score0.03435EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago92 views

Jenzabar 9.2x-9.2.2 - Cross-Site Scripting

Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. id: CVE-2021-26723 info: name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting...

6.1CVSS6.7AI score0.10949EPSS
Exploits3References5
Rows per page
Query Builder