Lucene search
K

73249 matches found

BDU FSTEC
BDU FSTEC
added yesterday16 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
Nuclei
Nuclei
added yesterday46 views

PyTorch TorchServe SSRF

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

10CVSS7AI score0.35256EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday30 views

CyberPanel - Command Injection

CyberPanel contains a command injection vulnerability in the /ftp/getresetstatus and /dns/getresetstatus endpoints.The vulnerability exists due to improper validation of the 'statusfile' parameter, which is directly used in a shell command.The security middleware only validates POST requests,...

10CVSS7.1AI score0.94798EPSS
Exploits7References3
Nuclei
Nuclei
added yesterday20 views

Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal

Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...

5.8CVSS6.6AI score0.04612EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday95 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday42 views

EyouCms v1.6.2 - Cross-Site Scripting

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...

6.1CVSS6.3AI score0.01224EPSS
Exploits1
Nuclei
Nuclei
added yesterday71 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.4AI score0.0114EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday51 views

D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution

man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...

9.8CVSS7.5AI score0.77951EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday26 views

XWiki >= 13.10.8 - Cross-Site Scripting

Reflected XSS vulnerability in XWiki authenticate endpoints allows execution of arbitrary JavaScript. id: CVE-2023-29506 info: name: XWiki = 13.10.8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Reflected XSS vulnerability in XWiki authenticate endpoints allows...

6.1CVSS6.5AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday9 views

Blesta <= 5.13.1 - Cross-Site Scripting

Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system, exploit requires unspecified conditions. id: CVE-2026-25616 info: name: Blesta = 5.13.1 - Cross-Site Scripting author: 0xAkoko severity:...

6.1CVSS6.1AI score0.00383EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday25 views

Roxy-WI - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcert parameter without proper input validation in the /app/options.py file, allowing attackers to inject arbitrary OS commands. id: CVE-2022-31161 info: name: Roxy-WI - Remote Code...

10CVSS7.3AI score0.90387EPSS
Exploits15References3
Nuclei
Nuclei
added yesterday68 views

Haraj 3.7 - Cross-Site Scripting

Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...

6.1CVSS6.4AI score0.04731EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday38 views

Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

6.1CVSS6.4AI score0.15682EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday184 views

Hotel Druid 3.0.2 - Cross-Site Scripting

Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands. id: CVE-2021-37833 info: name: Hotel Druid 3.0.2 - Cross-Site Scripting author: pikpikcu,s4e-io severity: medium description: Hotel Druid 3.0.2 contains a...

6.1CVSS6.5AI score0.04878EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday109 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS6.8AI score0.13751EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday37 views

XWiki - Open Redirect

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

6.1CVSS6.3AI score0.01756EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday19 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.6AI score0.83337EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday45 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS6AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday107 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday81 views

Aryanic HighMail (High CMS) - Cross-Site Scripting

A cross-site scripting vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. id: CVE-2020-23517 info: name: Aryanic HighMail High CMS - Cross-Site Scripting author: geeknik severity: medium...

6.1CVSS6.5AI score0.07051EPSS
Exploits1References5
Rows per page
Query Builder