Lucene search
K

161845 matches found

EUVD
EUVD
added 7 hours ago8 views

EUVD-2026-43267

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score
Exploits0References8
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-43264

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...

5.3CVSS5.9AI score
Exploits0References8
EUVD
EUVD
added 9 hours ago9 views

EUVD-2026-43263

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS6.1AI score
Exploits0References10
Nuclei
Nuclei
added yesterday71 views

PMB v7.4.6 - Cross-Site Scripting

PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...

6.1CVSS6.4AI score0.01169EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday80 views

Nagios XI < 5.11.3 - SQL Injection

SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool. id: CVE-2023-48084 info: name: Nagios XI 5.11.3 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk...

9.8CVSS7.1AI score0.3374EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday39 views

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

5.4CVSS6.7AI score0.04601EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday95 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.6AI score0.23566EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday19 views

Post Grid <= 2.2.50 - Information Exposure via REST API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. id: CVE-2023-40211 info: name: Post Grid = 2.2.50 - Information Exposure via REST API...

7.5CVSS7AI score0.02041EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday51 views

XWiki >= 6.0-rc-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.4AI score0.02081EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday62 views

DedeCMS v5.7.111 - Cross-Site Scripting

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php. id: CVE-2023-49494 info: name: DedeCMS v5.7.111 - Cross-Site Scripting author: ritikchaddha severity: medium description: | DedeCMS v5.7.111 was discover...

6.1CVSS6.3AI score0.01157EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday114 views

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

7.5CVSS7AI score0.1494EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday71 views

QloApps 1.6.0 - SQL Injection

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters datefrom, dateto, and idproduct allows a remote attacker to retrieve the contents of an entire database. id: CVE-2023-36284 info: name: QloApps 1.6.0 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7AI score0.03157EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday163 views

XWiki - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02048EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday124 views

Structurizr on-premises - Cross Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository structurizr/onpremises prior to 3194. id: CVE-2023-5556 info: name: Structurizr on-premises - Cross Site Scripting author: shankaracharya severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository...

6.1CVSS6.2AI score0.01222EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday67 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7AI score0.02572EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday26 views

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...

6.1CVSS6.4AI score0.0294EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday127 views

WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting

WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. id: CVE-2020-17453 info: name: WSO2 Carbon Management...

6.1CVSS6.3AI score0.26118EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday51 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8CVSS7.1AI score0.17313EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday93 views

Commvault CommCell - Local File Inclusion

CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. id: CVE-2020-25780 info: name: Commvault...

7.5CVSS7AI score0.09884EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday83 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
Rows per page
Query Builder