Lucene search
K

117625 matches found

GithubExploit
GithubExploit
added yesterday4 views

Exploit for Path Traversal in Adobe Coldfusion

CVE-2026-48282 — Adobe ColdFusion RDS Validation and Detection...

10CVSS7.9AI score0.01021EPSS
Exploits3
NVD
NVD
added yesterday5 views

CVE-2026-55633

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS
Exploits0References4
CVE
CVE
added yesterday6 views

CVE-2026-55633

DataEase CVE-2026-55633 affects the DataEase open-source data visualization tool prior to version 2.10.24. The issue arises from a bypass of the H2 zip protocol and file dropper fix, enabling an authenticated attacker to upload a zip archive disguised with a .ttf extension via FontManage.saveFile...

8.7CVSS6.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday5 views

CVE-2026-55633 DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-42090

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS6.3AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday1 views

CVE-2026-55633

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS6.3AI score
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-48779 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4,...

10CVSS6AI score0.00782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.0 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...

9.8CVSS7.5AI score0.51547EPSS
Exploits7Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS
Exploits1References3
Nuclei
Nuclei
added yesterday50 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

7.5CVSS7.1AI score0.30894EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday20 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS5.8AI score0.02016EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday175 views

LearnPress <= 4.2.5.7 - SQL Injection

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS7.1AI score0.51394EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday57 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS7.1AI score0.04715EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday56 views

LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection

The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

9.8CVSS6AI score0.36925EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday11 views

WordPress JS Archive List <= 6.1.5 - SQL Injection

Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...

9.3CVSS6.2AI score0.01425EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday29 views

LearnPress < 4.2.7.1 - SQL Injection

The LearnPress WordPress LMS Plugin before 4.2.7.1 is vulnerable to unauthenticated SQL injection via the 'cfields' parameter in the /wp-json/lp/v1/courses/archive-course REST API endpoint, allowing attackers to extract sensitive information from the database. id: CVE-2024-8529 info: name:...

10CVSS6AI score0.11831EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday80 views

LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-45808 info: name: LearnPress Plugin 4.2.0 - Unauthenticated Time-Based Blind SQLi author: DhiyaneshDK severity: critical description: | SQL Injection vulnerability in LearnPress – WordPress LMS...

9.9CVSS7.3AI score0.04269EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday179 views

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

7.8CVSS7.2AI score0.0132EPSS
Exploits2
Nuclei
Nuclei
added yesterday87 views

WordPress WP01 - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2. id: CVE-2025-30567 info: name: WordPress WP01 - Path Traversal author: s4e-io severity: high description: | Improper...

7.5CVSS5.9AI score0.02628EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday84 views

perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery SSRF attacks. id: CVE-2022-41412 info: name: perfSONAR 4.x = 4.4.4 - Server-Side Request Forgery author: nullhypothesis severity: high descriptio...

8.6CVSS7.2AI score0.04088EPSS
Exploits1References5
Rows per page
Query Builder