Lucene search
K

1625 matches found

Nuclei
Nuclei
added yesterday115 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10CVSS7.2AI score0.39335EPSS
Exploits1References4
OSV
OSV
added 2026/07/06 9:38 p.m.3 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 8:56 p.m.50 views

CVE-2026-44262

CVE-2026-44262 affects dedoc/scramble (Laravel API documentation generator) versions 0.13.2–0.13.21. The vulnerability arises when publicly accessible docs endpoints evaluate user-controlled input via NodeRulesEvaluator::doEvaluateExpression(), which may evaluate request data and execute arbitrar...

9.4CVSS6.1AI score0.0586EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 2:57 p.m.12 views

CVE-2018-25270

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8CVSS6.8AI score0.0089EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.10 views

CVE-2025-70364

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...

8.8CVSS6.2AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 4:16 p.m.8 views

CVE-2025-70364

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...

8.8CVSS0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.12 views

Conecteo Kiamo 安全漏洞

Conecteo Kiamo is a multi-channel customer interaction and contact center management platform developed by the French company Conecteo. Versions of Conecteo Kiamo prior to version 8.4 contained security vulnerabilities. These vulnerabilities were due to improper permission verification, which cou...

8.8CVSS6AI score0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.5 views

CVE-2025-70364

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...

6.2AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.13 views

PT-2026-6302

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.28.5.0 Description CI4MS is a CodeIgniter 4-based CMS skeleton that provides a production-ready, modular architecture with RBAC authorization and theme support. An authenticated user with file editor permissions can...

9.9CVSS6.2AI score0.00805EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.26 views

CVE-2019-18869

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17...

9.8CVSS7.9AI score0.01323EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/01 3:30 a.m.18 views

EUVD-2025-37406

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

8.8CVSS6.7AI score0.00535EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-10828

Malware in sbrugna...

8.8CVSS8.7AI score0.00836EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-4988

Malware in sbrugna...

9.8CVSS9.5AI score0.0177EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-3417

Malware in sbrugna...

7.5CVSS6.4AI score0.08176EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-2734

Malware in sbrugna...

7.5CVSS6.4AI score0.01477EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-5215

Malware in sbrugna...

6.5CVSS6.3AI score0.01739EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-4445

Malware in sbrugna...

7.5CVSS6.4AI score0.01264EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.14 views

EUVD-2007-2520

Malware in sbrugna...

7.5CVSS6.4AI score0.03642EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7908

Malware in sbrugna...

7.2CVSS7AI score0.01437EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2006-4044

Malware in sbrugna...

7.5CVSS6.4AI score0.08144EPSS
Exploits1References8
Rows per page
Query Builder