Lucene search
K

151 matches found

Nuclei
Nuclei
added 10 hours ago72 views

Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. id: CVE-2025-32813 info: name: Infoblox NetMRI 7.6.1 - Unauthenticated Command Injection in getsamlrequest author: iamnoooob,pdresearch severity: high description: | An issue was discovere...

7.2CVSS7AI score0.43042EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

WP Hotel Booking <= 2.0.7 - SQL Injection

WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admininit, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...

9.8CVSS7AI score0.63711EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56408

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious scripts are...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 12:17 p.m.15 views

CVE-2026-57621

Unauthenticated PHP Object Injection in Booktics = 1.0.21 versions...

9.8CVSS0.00336EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-288 aws-mcp has a Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...

9.8CVSS7.9AI score0.01908EPSS
Exploits1References5
CVE
CVE
added 2026/06/18 5:34 a.m.33 views

CVE-2026-11784

The CVE describes a Cross‑Site Request Forgery in the WordPress plugin Optimole – Optimize Images (

4.3CVSS5.4AI score0.00157EPSS
Exploits1References6
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2025-59560

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS0.0023EPSS
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...

9.2CVSS6.1AI score0.04261EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4090

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.5AI score0.00243EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/29 12:0 a.m.108 views

VulnCheck KEV: CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.27546EPSS
In wildExploits1References3
EUVD
EUVD
added 2026/05/28 3:27 a.m.14 views

EUVD-2026-32702

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/24 6:32 p.m.150 views

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CMS Made Simple CVE-2019-9053 Exploit Python 3 Python 3 com...

8.1CVSS7.3AI score0.55958EPSS
Exploits38
GithubExploit
GithubExploit
added 2026/05/22 6:23 p.m.134 views

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 RCE proof-of-concept for CVE-20...

9.2CVSS6.8AI score0.61469EPSS
Exploits40
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. When parsing an incoming Redis Standard Protocol RESP request, Redis allocates memory according to values specified by the user, which determine the number of elements in the multi-bulk header and the size of each element in...

7.5CVSS6.3AI score0.1578EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.102 views

VulnCheck KEV: CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS6.4AI score0.61469EPSS
In wildExploits40References2
Debian CVE
Debian CVE
added 2026/05/13 2:12 p.m.13 views

CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

9.2CVSS6.4AI score0.61469EPSS
Exploits40
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.39 views

CVE-2026-7464 WP Google Maps Integration <= 1.2 - Reflected Cross-Site Scripting via 'page' Parameter

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 2:45 p.m.8 views

BIT-JAVA-MIN-2025-50106

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.2AI score0.00611EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 6:47 a.m.9 views

CVE-2026-7332 LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.0045EPSS
Exploits0References11
Rows per page
Query Builder