Lucene search
K

434 matches found

Nuclei
Nuclei
added 13 hours ago51 views

LiveZilla Server 8.0.1.0 - Cross-Site Scripting

LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. id: CVE-2019-12962 info: name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting author: Clment Cruchet severity: medium description: | LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. impact: |...

6.1CVSS6.5AI score0.09052EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago12 views

Bitrix Site Management 2.x - Open Redirect

Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters. id: CVE-2008-2052 info: name: Bitrix Site Management 2.x - Open Redirect author: pikpikcu,gtrrnr,liangtovi-debug severity: medium...

6.1CVSS6.5AI score0.01568EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago23 views

PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting

A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickupid leads to cross site scripting. The attack may be launched remotely. id:...

6.1CVSS3.9AI score0.02499EPSS
Exploits3References4
Nuclei
Nuclei
added 13 hours ago17 views

PHPJabbers Taxi Booking 2.0 - Cross Site Scripting

A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. id: CVE-2023-4116 info...

6.1CVSS3.9AI score0.0522EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago133 views

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

4.9CVSS6.7AI score0.57683EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago16 views

mooDating 1.2 - Cross-site scripting

A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-3849 info:...

6.1CVSS4AI score0.03678EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago23 views

MooDating 1.2 - Cross-site scripting

A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. id: CVE-2023-3848...

6.1CVSS3.9AI score0.03678EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago26 views

WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting

WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Ma...

6.1CVSS6.2AI score0.17638EPSS
Exploits5References5
Nuclei
Nuclei
added 13 hours ago82 views

WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection

WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive...

7.2CVSS7.3AI score0.73293EPSS
Exploits6References5
Nuclei
Nuclei
added 13 hours ago147 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.4AI score0.78812EPSS
Exploits7References4
Nuclei
Nuclei
added 13 hours ago37 views

WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...

8.8CVSS7.2AI score0.52007EPSS
Exploits8References5
Nuclei
Nuclei
added 13 hours ago80 views

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

9.8CVSS7.7AI score0.60377EPSS
Exploits9References5
Nuclei
Nuclei
added 13 hours ago37 views

ReQlogic v11.3 - Cross Site Scripting

ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. id: CVE-2022-41441 info: name: ReQlogic v11.3 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ReQlogic v11.3 allow attackers ...

6.1CVSS6.6AI score0.05302EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago18 views

Thinfinity Iframe Injection

A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. id: CVE-2021-45092 info: name: Thinfinity Iframe Injection author: danielmofer severity: critical description: A vulnerability exist...

9.8CVSS6.7AI score0.39973EPSS
Exploits7References5
Nuclei
Nuclei
added 13 hours ago18 views

Cloudron 6.2 Cross-Site Scripting

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting. id: CVE-2021-40868 info: name: Cloudron 6.2 Cross-Site Scripting author: daffainfo severity: medium description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site...

6.1CVSS5.8AI score0.09071EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago64 views

Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution

Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...

9.8CVSS7.7AI score0.92382EPSS
Exploits5References5
Nuclei
Nuclei
added 13 hours ago165 views

SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting

SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...

6.1CVSS6.7AI score0.22318EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago30 views

Thinfinity VirtualUI User Enumeration

Thinfinity VirtualUI before v3.0, /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users Administrator, Guest, etc. id: CVE-2021-44848 info: name: Thinfinity VirtualUI User Enumeration author: danielmofer severity: medium...

5.3CVSS6AI score0.23141EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago54 views

Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key RSA disclosure vulnerability. id: CVE-2021-40149 info: name: Reolink E1 Zoom Camera =3.0.0.716 - Private Key Disclosure author: For3stCo1d severity: medium description: | Reolink E1 Zoom Camera versions 3.0.0.716 and...

5.9CVSS6.8AI score0.05994EPSS
Exploits4References5
Nuclei
Nuclei
added 13 hours ago30 views

Simple Task Managing System v1.0 - SQL Injection

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. id:...

9.8CVSS7.4AI score0.20693EPSS
Exploits5References5
Rows per page
Query Builder