Lucene search
+L

33416 matches found

ATTACKERKB
ATTACKERKB
added 10 hours ago4 views

CVE-2026-16220

A vulnerability has been found in code-projects Online Examination System 1.0. This vulnerability affects unknown code of the file /account.php?q=quiz. Such manipulation of the argument eid/n/t leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to t...

5.3CVSS3.6AI score
Exploits0References6Affected Software1
CVE
CVE
added 10 hours ago8 views

CVE-2026-16220

CVE-2026-16220 affects code-projects Online Examination System 1.0. The vulnerability resides in unknown code handling the parameter eid/n/t in /account.php?q=quiz, enabling cross-site scripting through manipulation of that argument. Impact details stated include remote feasibility with low to mo...

5.3CVSS3.7AI score
Exploits0References6
GithubExploit
GithubExploit
added 10 hours ago22 views

Exploit for CVE-2026-63030

wp2shell Pre-Authentication Remote Code Execution in WordPres...

9.8CVSS6.7AI score0.08946EPSS
Exploits35
Nuclei
Nuclei
added 13 hours ago413 views

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS8.5AI score0.53879EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago71 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6AI score0.03521EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago23 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS7.1AI score0.06719EPSS
Exploits2References2
Nuclei
Nuclei
added 13 hours ago18 views

FatPipe WARP/IPVPN/MPVPN - Backdoor Account

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain an account named "cmuser" with administrative privileges and no password, letting attackers gain unauthorized admin access, exploit requires no authentication. id: CVE-2021-27856 info: name: FatPipe...

9.8CVSS8.4AI score0.05598EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago69 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...

6.5CVSS6.3AI score0.02907EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago36 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9CVSS5.3AI score0.00711EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago54 views

Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

7.5CVSS7AI score0.02289EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago72 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6AI score0.0114EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago293 views

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

4.3CVSS5.3AI score0.00606EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago70 views

Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation

Apache StreamPipes from version 0.69.0 through 0.93.0 uses a cryptographically weak Pseudo-Random Number Generator PRNG in the recovery token generation mechanism. Given a valid token it's possible to predict all past and future generated tokens. id: CVE-2024-29868 info: name: Apache StreamPipes ...

9.1CVSS5.2AI score0.05995EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago82 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS7.1AI score0.02268EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago98 views

Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

9.8CVSS8.9AI score0.18241EPSS
Exploits3References4
Nuclei
Nuclei
added 13 hours ago38 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS5.5AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added 13 hours ago39 views

WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS5.3AI score0.04156EPSS
Exploits0References4
Nuclei
Nuclei
added 13 hours ago76 views

ARMember < 3.4.8 - Unauthenticated Admin Account Takeover

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...

8.1CVSS7.9AI score0.0852EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago58 views

Sony IPELA Engine IP Camera - Hardcoded Account

Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. id: CVE-2016-7834 info: name: Sony IPELA Engine IP Camera - Hardcoded Account author: af001 severity: high description: | Multiple SONY network cameras are vulnerable to sensitive informati...

8.8CVSS7.9AI score0.03901EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago37 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS5.4AI score0.03316EPSS
Exploits6References5
Rows per page
Query Builder