Lucene search
+L

66238 matches found

Nuclei
Nuclei
added 15 hours ago15 views

KevinLAB BEMS 1.0 - SQL Injection

KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through inputid POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and...

9.8CVSS8.7AI score0.08146EPSS
Exploits2References4
Nuclei
Nuclei
added 15 hours ago43 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.7AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago18 views

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

7.2CVSS7.8AI score0.02258EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago32 views

WCFM Membership <= 2.10.0 - Broken Access Control

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...

7.3CVSS7AI score0.01084EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago13 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

7.2CVSS5.6AI score0.02277EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago33 views

WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure

Widgets for Social Photo Feed WordPress plugin = 1.8 contains a broken access control caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely. id: CVE-2025-14726 info: name: WordPress Widgets for Social Photo...

6.5CVSS5.2AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago96 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

10CVSS8.6AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago96 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...

10CVSS8.6AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago87 views

Labstack Echo 4.8.0 - Open Redirect

Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-400...

9.6CVSS8.4AI score0.02333EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago82 views

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

8.8CVSS8.9AI score0.99077EPSS
Exploits24References5
Nuclei
Nuclei
added 15 hours ago58 views

Artica Pandora FMS <=7.42 - Arbitrary File Read

Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. id:...

5.3CVSS5.9AI score0.05275EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago117 views

Apache Superset <=1.3.2 - Default Login

Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...

6.5CVSS6.5AI score0.07863EPSS
Exploits0References5
NVD
NVD
added 17 hours ago10 views

CVE-2026-9734

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-50526

A flaw was found in .NET. This vulnerability, stemming from improper link resolution before file access, allows an authorized local attacker to perform tampering. This could lead to unauthorized modification of data or system files...

7CVSS5.2AI score0.00159EPSS
Exploits0References4
NVD
NVD
added yesterday8 views

CVE-2026-16008

A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...

6.5CVSS
Exploits0References8
Cvelist
Cvelist
added yesterday39 views

CVE-2026-21770 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to DLL hijacking

HCL Traveler for Microsoft Outlook HTMO is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content...

6.5CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-8616

The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce validation on the fensebpvtsavesettings function in versions up to, and including, 3.0.1. The callback is registered to both wpajax and...

5.3CVSS0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday12 views

CVE-2026-47082

A flaw was found in Cyrus IMAP's cyrus-imapd component. A user with low privileges can exploit a vulnerability in the vacation "fcc" feature. By crafting a specific Sieve script, the user can bypass access control lists and deliver vacation auto-reply messages into any mailbox, leading to...

5.4CVSS6AI score0.00176EPSS
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-43978

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...

8.1CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44950

Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-admin users to escalate privileges by exploiting unenforced field restrictions on nested relational save operations. Attackers can modify sensitive User record fields such...

8.8CVSS6.1AI score0.00371EPSS
Exploits0References3
Rows per page
Query Builder