Lucene search
K

62593 matches found

Nuclei
Nuclei
added yesterday62 views

Jenkins <=2.196 - Cookie Exposure

Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue. id: CVE-2019-10405...

5.4CVSS6.1AI score0.65753EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday50 views

PrismaWEB - Credentials Disclosure

PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the loginpar.j...

9.8CVSS7AI score0.58528EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday36 views

Moodle Jmol Filter 6.1 - Local File Inclusion

Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing attackers to read arbitrary files on the server. id: CVE-2025-34031 info: name: Moodle Jmol Filter 6.1 - Local File Inclusion author: madrobot severity: high description: | Moodle Jmol Filter 6.1 is...

8.7CVSS7.1AI score0.02963EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS6.1AI score0.00669EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday37 views

MLFlow < 2.8.1 - Sensitive Information Disclosure

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. id: CVE-2023-43472 info: name: MLFlow 2.8.1 - Sensitive Information Disclosure author: ritikchaddha severity: high description: | An issue in MLFlow versions...

7.5CVSS7AI score0.36582EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday82 views

KubeOperator Foreground `kubeconfig` - File Download

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...

9.8CVSS6.9AI score0.66768EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday64 views

Vite server.fs.deny Bypass - Local File Inclusion

Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest- script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...

5.3CVSS6.7AI score0.38685EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday101 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday25 views

KLog Server - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.This issue affects KLog Server: before 3.1.1. id: CVE-2025-1035 info: name: KLog Server - Path Traversal author: s4e-io...

5.7CVSS6.1AI score0.09676EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday47 views

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

6.8CVSS6.2AI score0.04848EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday30 views

VMware vCenter Server LDAP Broken Access Control

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller PSC, does not correctly implement access controls. id: CVE-2020-3952 info: name: VMware vCenter Server LDAP Broken Access Control author: 0xAkoko severity: critic...

9.8CVSS7AI score0.90384EPSS
Exploits20References3
Nuclei
Nuclei
added yesterday41 views

INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/exportsettings.sh endpoint. id: CVE-2020-24285 info: name: INTELBRAS...

7.5CVSS7AI score0.04497EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday17 views

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

5.3CVSS6.2AI score0.01608EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday36 views

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...

5.3CVSS6.2AI score0.01648EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday11 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS6.1AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday59 views

Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure

Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. id: CVE-2020-27361 info: name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.0...

7.5CVSS7AI score0.06714EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday56 views

WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure

WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. id:...

7.5CVSS7AI score0.07401EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday45 views

Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code id: CVE-2023-6065 info: name: Quttera Web Malware Scanner = 3.4.1.48 - Sensitive Data Exposure...

5.3CVSS6.7AI score0.18697EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday22 views

JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...

7.5CVSS7AI score0.01915EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday9 views

WordPress BackWPup < 4.0.4 - Backup File Disclosure

BackWPup WordPress plugin 4.0.4 contains a directory listing vulnerability caused by lack of access restrictions in its temporary backup folder, letting unauthenticated attackers download site backups, exploit requires no authentication. id: CVE-2023-7164 info: name: WordPress BackWPup 4.0.4 -...

7.5CVSS6AI score0.02261EPSS
Exploits2References3
Rows per page
Query Builder