Lucene search
K

25358 matches found

Nuclei
Nuclei
added 17 hours ago6 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

7.5CVSS7.1AI score0.02169EPSS
Exploits0References3
Nuclei
Nuclei
added 17 hours ago7 views

LogDash Activity Log <= 1.1.3 - SQL Injection

The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

5.4CVSS6AI score0.00748EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago7 views

Lyrion Music Server <= 9.2.0 - Cross-Site Scripting

Lyrion Music Server 9.2.0 contains a reflected XSS caused by improper sanitization of the search parameter in the server.log endpoint, letting unauthenticated attackers execute arbitrary script in users' browsers. id: CVE-2026-50230 info: name: Lyrion Music Server = 9.2.0 - Cross-Site Scripting...

6.1CVSS6.1AI score0.00324EPSS
Exploits2References3
Nuclei
Nuclei
added 17 hours ago29 views

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

8.2CVSS5.8AI score0.01098EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago15 views

VMware vRealize Log Insight - Improper Access Control to RCE

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. id: CVE-2022-31704 info: name: VMware vRealize Log Insight - Improper Acces...

9.8CVSS7.6AI score0.81011EPSS
Exploits3References3
Nuclei
Nuclei
added 17 hours ago17 views

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...

7.5CVSS7AI score0.03096EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago27 views

Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48166 info: name: Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure author: ritikchaddha...

7.5CVSS7.1AI score0.02823EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago21 views

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

5.3CVSS5.9AI score0.01175EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

VMware vRealize Log Insight < v8.10.2 - Information Disclosure

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. id: CVE-2022-31711 info: name: VMware vRealize Log Insight v8.10.2 - Information Disclosure author: DhiyaneshD...

5.3CVSS7AI score0.21657EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday83 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS6.9AI score0.13751EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday43 views

Riello Netman 204 - SQL Injection

The three endpoints /cgi-bin/dbdatalogw.cgi, /cgi-bin/dbeventlogw.cgi, and /cgi-bin/dbmultimetrw.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way. id: CVE-2024-8877 info: name: Riello Netman 204 - SQL...

9.8CVSS7.5AI score0.7703EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday59 views

pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. id: CVE-2024-21645 info: name: pyload - Log Injection author: isacaya severity: medium description: | A log injection...

5.3CVSS6.2AI score0.24513EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday23 views

Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

7.5CVSS7.2AI score0.47137EPSS
Exploits1References4
CVE
CVE
added yesterday9 views

CVE-2026-46467

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...

5.8CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41543

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score
Exploits0References2
Nuclei
Nuclei
added 2 days ago60 views

Milesight Routers - Information Disclosure

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...

7.5CVSS7.4AI score0.60113EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago14 views

VMware vRealize Log Insight - Path Traversal

he vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. id: CVE-2022-31706 info: name: VMware vRealize Log Insight - Path Traversal...

9.8CVSS7.8AI score0.87077EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2 days ago3 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
Rows per page
Query Builder