Lucene search
K

20388 matches found

Nuclei
Nuclei
added yesterday14 views

Pandora FMS <=7.0NG.722 - Remote Code Execution

Pandora FMS versions =7.0NG.722 are vulnerable to unauthenticated remote code execution by chaining an unrestricted file upload CVE-2018-11221 and a local file inclusion CVE-2018-11222. An attacker can upload a malicious PHP file as a plugin and execute it via LFI, leading to full compromise of t...

9.8CVSS7.8AI score0.06714EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday10 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.3AI score0.01974EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday26 views

Ads Pro Plugin <= 4.89 - Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS6.6AI score0.28162EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday26 views

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.9AI score0.03111EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday128 views

Kubio AI Page Builder <= 2.5.1 - Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS7.9AI score0.76761EPSS
Exploits12References3
Nuclei
Nuclei
added yesterday11 views

WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion

The Grow by Tradedoubler WordPress plugin through version 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. id: CVE-2024-6460 info:...

9.8CVSS6.2AI score0.04826EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday20 views

Vite Development Server - Path Traversal

Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files. id: CVE-2025-31125 info: name: Vite Development Server...

7.5CVSS6.6AI score0.58765EPSS
Exploits9References4
Nuclei
Nuclei
added yesterday60 views

InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files ...

8.1CVSS7.7AI score0.10305EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday13 views

Moodle Jmol Filter 6.1 - Local File Inclusion

Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing attackers to read arbitrary files on the server. id: CVE-2025-34031 info: name: Moodle Jmol Filter 6.1 - Local File Inclusion author: madrobot severity: high description: | Moodle Jmol Filter 6.1 is...

8.7CVSS7.3AI score0.02963EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday23 views

MasterSAM Star Gate v11 - Local File Inclusion

MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information...

6.5CVSS7.3AI score0.03012EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday98 views

WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.9AI score0.15043EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday15 views

Devika - Local File Inclusion

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

7.5CVSS7.2AI score0.02073EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday42 views

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS7.8AI score0.04841EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday13 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7.1AI score0.05028EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday47 views

Huawei Firewall - Local File Inclusion

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

4.3CVSS6AI score0.01238EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday25 views

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

5CVSS7.4AI score0.04306EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday47 views

PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0. id: CVE-2024-6911 info: name: PerkinElmer ProcessPlus = 1.11.6507.0 - Local File Inclusion author:...

8.7CVSS7.2AI score0.04944EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday105 views

Apache Druid - Local File Inclusion

Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of t...

6.5CVSS6.4AI score0.81038EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday39 views

Joomla! ionFiles 4.4.2 - Local File Inclusion

Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles comionfiles that allows remote attackers to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2008-6080 info: name: Joomla! ionFiles 4.4.2 - Local File Inclusion author: daffainfo...

5CVSS6.1AI score0.10637EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday139 views

WordPress Mail Masta 1.0 - Local File Inclusion

WordPress Mail Masta 1.0 is susceptible to local file inclusion in countofsend.php and csvexport.php. id: CVE-2016-10956 info: name: WordPress Mail Masta 1.0 - Local File Inclusion author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file...

7.5CVSS7.1AI score0.10582EPSS
Exploits2References5
Rows per page
Query Builder