Lucene search
K

124010 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-41525

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure...

5.3CVSS6AI score
Exploits0References2
NVD
NVD
added 3 hours ago5 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 4 hours ago4 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure...

5.3CVSS
Exploits0References1
CVE
CVE
added 4 hours ago4 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. Affects Dell Client Platform BIOS; root cause and remediation details ar...

5.3CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 9 hours ago9 views

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

8.7CVSS7AI score0.01378EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago11 views

WP Popups - Information Disclosure

WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...

5.3CVSS5.9AI score0.00927EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago60 views

Apache OFBiz - XML External Entity Injection

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5CVSS7.1AI score0.25743EPSS
Exploits0
Nuclei
Nuclei
added 9 hours ago36 views

Cobub Razor 0.8.0 - Information Disclosure

Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.ph...

5.3CVSS6.1AI score0.60586EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago56 views

Atlassian Confluence <5.8.17 - Information Disclosure

Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...

4.3CVSS5.9AI score0.61114EPSS
Exploits5References3
Nuclei
Nuclei
added 9 hours ago40 views

D-Link DIR-610 Devices - Information Disclosure

D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZEDGROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. id: CVE-2020-9376 info: name: D-Link DIR-610 Devices - Information Disclosure author:...

7.5CVSS7.1AI score0.16586EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago31 views

rConfig <3.9.4 - Sensitive Information Disclosure

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...

7.5CVSS7.1AI score0.16671EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago17 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS5.9AI score0.00932EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago6 views

Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API

Piwigo = 16.3.0 contains an information disclosure vulnerability caused by the pwg.history.search API method lacking adminonly restriction, letting unauthenticated users access full browsing history, exploit requires no authentication id: CVE-2026-27833 info: name: Piwigo 16.3.0 - Unauthenticated...

7.5CVSS5.9AI score0.01522EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago6 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

7.5CVSS7.1AI score0.02169EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago8 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.8AI score0.03816EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago11 views

Glances - Information Disclosure

Glances 4.5.1 contains an information disclosure vulnerability caused by unfiltered exposure of sensitive configuration data via the /api/4/config REST API endpoint, letting remote attackers access credentials, exploit requires API access. id: CVE-2026-30928 info: name: Glances - Information...

8.7CVSS7.1AI score0.01657EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago37 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.4AI score0.08923EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago29 views

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...

7.5CVSS7.1AI score0.31043EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago9 views

WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure

Widgets for Social Photo Feed WordPress plugin = 1.8 contains a broken access control caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely. id: CVE-2025-14726 info: name: WordPress Widgets for Social Photo...

6.5CVSS6AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago25 views

IP2Location Country Blocker < 2.38.9 - Unauthenticated Information Disclosure

IP2Location Country Blocker plugin for WordPress up to version 2.38.8 contains a regular information exposure caused by missing capability checks on admininit, letting unauthenticated attackers view plugin settings, exploit requires no special conditions. id: CVE-2025-1361 info: name: IP2Location...

7.5CVSS7.1AI score0.01278EPSS
Exploits0References3
Rows per page
Query Builder