Lucene search
K

180630 matches found

Nuclei
Nuclei
added 19 hours ago102 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7.2AI score0.22292EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago65 views

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS5.9AI score0.01235EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago15 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS5.9AI score0.00599EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago27 views

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

5.3CVSS6.1AI score0.0235EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday19 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS6AI score0.17393EPSS
Exploits1References3
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-41683

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2 days ago10 views

CVE-2026-14627

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS0.00369EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago63 views

NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure

NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSWcxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. id:...

9.8CVSS7.2AI score0.27215EPSS
Exploits6References5
CVE
CVE
added 3 days ago13 views

CVE-2026-14605

CVE-2026-14605 affects RT-Thread up to 5.0.2. The vulnerability is in the function recvmsg within bsp/loongson/ls1cdev/libraries/ls1c_can.h of the ls1c CAN Handler . It enables a stack-based buffer overflow when processing input, with local access required to exploit. Public exploit code exists. ...

8.5CVSS7.4AI score0.00141EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.00196EPSS
Exploits0References3
Circl
Circl
added 4 days ago6 views

CVE-2026-14074

creationtimestamp| type| source ---|---|--- 2026-07-02 07:51:32+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 07:45:08+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260706...

6.5CVSS5.9AI score0.00244EPSS
Exploits0References2
Patchstack
Patchstack
added 5 days ago4 views

WordPress Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability

Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Academy LMS versions = 3.8.1...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 3:15 p.m.6 views

EUVD-2026-40125

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotel...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 12:0 p.m.9 views

CVE-2026-13565

The vulnerability CVE-2026-13565 affects SourceCodester Class and Exam Timetabling System (1.0/1.php). The issue is in /edit_class1.php where manipulating the argument ID enables SQL injection, a remotely triggerable flaw. Publicly disclosed exploit exists (proof-of-concept). Affected component: ...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 11:15 a.m.13 views

CVE-2026-13562

The CVE concerns Edimax EW-7478APC 1.04, impacting the formiNICSiteSurvey function in /goform/formiNICSiteSurvey of the POST Request Handler. The root cause is a buffer overflow triggered by manipulating the selSSID argument, allowing remote initiation of an attack. This CVE has a published explo...

9CVSS7.5AI score0.00445EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 11:0 a.m.33 views

CVE-2026-13561 Edimax EW-7478APC POST Request formiNICbasic os command injection

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote...

6.5CVSS0.01158EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 9:30 a.m.16 views

CVE-2026-13555

The CVE-2026-13555 entry affects itsourcecode Online Hotel Management System 1.0. Affected component: /admin/mod_users/controller.php?action=add. Description indicates that manipulating the Name parameter yields SQL injection, exploitable remotely. Public exploit exists (proof-of-concept level). ...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 5:15 a.m.32 views

CVE-2026-13538 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_401D68 command injection

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS0.01306EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/29 12:31 a.m.7 views

EUVD-2026-40006

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS6.1AI score0.00294EPSS
Exploits0References8
Rows per page
Query Builder