Lucene search
K

215192 matches found

Nuclei
Nuclei
added 2 days ago39 views

Joomla! Component Arcade Games 1.0 - Local File Inclusion

A directory traversal vulnerability in the Arcade Games comarcadegames component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion autho...

5CVSS6.1AI score0.18703EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago23 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6.1AI score0.14847EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago46 views

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php id: CVE-2018-6910 info: name: DedeCMS 5.7 - Path Disclosure author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover t...

7.5CVSS7.2AI score0.18955EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago18 views

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...

4.3CVSS6AI score0.10899EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago54 views

Ray Static File - Local File Inclusion

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. id: CVE-2023-6020 info: name: Ray Static File - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's /static/ directory allows attackers to read any file on the...

7.5CVSS7.3AI score0.14652EPSS
Exploits3References2
Nuclei
Nuclei
added 2 days ago63 views

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

7.8CVSS6.1AI score0.28806EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago44 views

Joomla! Component Highslide 1.5 - Local File Inclusion

A directory traversal vulnerability in the Highslide JS comhsconfig component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1314 info: name: Joomla! Component Highslide 1.5 - Local File Inclusion...

5CVSS6.1AI score0.15909EPSS
Exploits2References4
Nuclei
Nuclei
added 2 days ago36 views

Gogs (Go Git Service) - SQL Injection

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

7.5CVSS6.3AI score0.33391EPSS
Exploits5References6
Nuclei
Nuclei
added 2 days ago86 views

Adobe AEM Dispatcher <4.15 - Rules Bypass

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...

7.8CVSS7.2AI score0.5071EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago123 views

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

4.9CVSS6AI score0.28802EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago49 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6AI score0.73635EPSS
Exploits11References5
Nuclei
Nuclei
added 2 days ago41 views

WordPress Plugin WP Content Source Control - Directory Traversal

A directory traversal vulnerability in the filegetcontents function in downloadfiles/download.php in the WP Content Source Control wp-source-control plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the path parameter. id: CVE-2014-5368 inf...

5CVSS7.4AI score0.18817EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago55 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.2AI score0.34012EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago53 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.5AI score0.14558EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago67 views

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS7.2AI score0.53008EPSS
Exploits3References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2025-210413

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-58295

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.3CVSS5.9AI score0.0038EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-49814

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command 'OS...

7.2CVSS0.01216EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago39 views

ZKTeco BioTime v8.5.5 - Path Traversal

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. id: CVE-2023-38950 info: name: ZKTeco BioTime v8.5.5 - Path Traversal author: iamnoooob,pdresearch severity: high description: | A pa...

7.5CVSS7.4AI score0.8488EPSS
Exploits3References5
Nuclei
Nuclei
added 3 days ago39 views

Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

10CVSS7.4AI score0.80767EPSS
Exploits3References5
Rows per page
Query Builder