Lucene search
K

124069 matches found

CVE
CVE
added yesterday11 views

CVE-2026-53360

The CVE affects the Linux kernel KVM-SEV/SNP path: when GHCB v2+ is in use, an OOB/heap-privacy flaw arises because end_entry is validated only against VMGEXIT_PSC_MAX_COUNT (253) instead of the actual buffer size, allowing a guest to read/write adjacent kmalloc-cg-32 objects via VMGEXITs. This c...

6AI score
Exploits0References4
Nuclei
Nuclei
added yesterday29 views

PlayTube 3.0.1 - Information Disclosure

A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. id: CVE-2023-4714 info: name: PlayTube 3.0.1 - Informati...

7.5CVSS5.3AI score0.0521EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday52 views

Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...

9.8CVSS7.2AI score0.77755EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday18 views

TOTOLINK A3002RU 1.0.8 - Information Disclosure

TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for password.htm. This allows remote attackers to gain administrative access without credentials. id: CVE-2018-13317 info: name:...

6.1CVSS6.5AI score0.00991EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday18 views

D-Link DIR-868L/817LW - Information Disclosure

D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in...

10CVSS7AI score0.57298EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday15 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS6AI score0.01443EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday22 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS5.9AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday62 views

XWiki < 4.10.15 - Information Disclosure

The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some protected...

7.5CVSS7.1AI score0.7282EPSS
Exploits0
Nuclei
Nuclei
added yesterday35 views

Intelbras Switch - Information Disclosure

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. id: CVE-2023-36144 info: name: Intelbras Switch - Information Disclosure author:...

7.5CVSS7.1AI score0.39723EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday24 views

Seriously Simple Podcasting < 3.0.0 - Information Disclosure

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request. id: CVE-2023-6444 info: name: Seriously Simple Podcasting 3.0.0 - Information Disclosure author: s4e-io...

5.3CVSS5.9AI score0.02463EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday24 views

XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure

An unauthenticated user can retrieve a list of users and their full names through a publicly accessible URL in XWiki. The issue affects versions before 12.10.11, 13.4.4, and 13.9-rc-1. id: CVE-2022-24819 info: name: XWiki 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure author: ritikchaddha...

5.3CVSS6.2AI score0.03282EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday11 views

IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

5.3CVSS6.1AI score0.22547EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday42 views

Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call. id: CVE-2022-34534 info: name: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure author: ritikchaddha severity: high description: | Digital Watchdog DW...

7.5CVSS7.1AI score0.02102EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday49 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. id: CVE-2022-25486 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file...

7.8CVSS7AI score0.09966EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday9 views

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

8.7CVSS7AI score0.01378EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday25 views

IP2Location Country Blocker < 2.38.9 - Unauthenticated Information Disclosure

IP2Location Country Blocker plugin for WordPress up to version 2.38.8 contains a regular information exposure caused by missing capability checks on admininit, letting unauthenticated attackers view plugin settings, exploit requires no special conditions. id: CVE-2025-1361 info: name: IP2Location...

7.5CVSS7.1AI score0.01278EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday37 views

T24 Web Server - Local File Inclusion

T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. id: CVE-2019-14251 info: name: T24 Web Server - Local File Inclusion author: 0xAkoko severity: high description: T24 web server is vulnerable to unauthenticated...

7.5CVSS7.1AI score0.07849EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday102 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS7AI score0.35681EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday38 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.5AI score0.08923EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday22 views

Seagate NAS OS 4.3.15.1 - Open Redirect

Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. id: CVE-2018-12300 info: name: Seagate NAS OS 4.3.15.1 - Open Redirect author: 0xAkoko severity: medium...

6.1CVSS6.3AI score0.02698EPSS
Exploits1References2
Rows per page
Query Builder