Lucene search
K

36661 matches found

Nuclei
Nuclei
added 10 hours ago182 views

ISPConfig - PHP Code Injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled. id: CVE-2023-46818 info: name: ISPConfig - PHP Code Injection author: non-things severity: high description: | An issue was discovered...

7.2CVSS7AI score0.13894EPSS
Exploits14References4
Nuclei
Nuclei
added 10 hours ago30 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

6.1CVSS6.5AI score0.03939EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago17 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.4AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added 10 hours ago82 views

MetInfo CMS <= 8.1 - Remote Code Execution

MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code remotely, exploit requires crafted requests. id: CVE-2026-29014 info: name: MetInfo CMS = 8....

9.8CVSS7.4AI score0.39688EPSS
Exploits4References3
Nuclei
Nuclei
added 10 hours ago22 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.2AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago185 views

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

9.8CVSS7.4AI score0.99105EPSS
Exploits9References5
Nuclei
Nuclei
added 10 hours ago139 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago67 views

Microweber <1.3.2 - Cross-Site Scripting

Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2. id: CVE-2022-3242 info: name: Microweber 1.3.2 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Code Injection in on search.php?keywords= GitHub repository microweber/microweber...

6.1CVSS6.2AI score0.01383EPSS
Exploits1References4
Cvelist
Cvelist
added yesterday20 views

CVE-2026-57811 WordPress Realtyna Organic IDX plugin plugin <= 5.2.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.2.0...

10CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-15533

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS0.00248EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-15533

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.9AI score0.00248EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-43279

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.9AI score0.00248EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday25 views

CVE-2026-15533 DedeCMS Column Management search.php code injection

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS0.00248EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-15533

CVE-2026-15533 targets DedeCMS 5.7.118. The flaw is in the Column Management module, specifically /plus/search.php, where manipulating the Column Name argument allows code injection. It is exploitable remotely and a public exploit exists. The CVSS-derived assessment in the record indicates MEDIUM...

5.8CVSS5.9AI score0.00248EPSS
Exploits0References6
EUVD
EUVD
added yesterday11 views

EUVD-2026-43253

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS6.3AI score0.00376EPSS
Exploits0References6
NVD
NVD
added yesterday8 views

CVE-2026-15513

A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlinkucisetvalue of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lanip results in os command injection. The attack can be initiated remotely. The exploit has been released to the...

6.5CVSS0.01422EPSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-15512

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS0.00376EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-15512 pig-mesh Pig pig-codegen GeneratorServiceImpl.java code injection

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS0.00376EPSS
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-15512

CVE-2026-15512 affects pig-mesh Pig up to 3.9.2. The issue lies in pig-codegen, specifically GeneratorServiceImpl.java, where certain manipulation leads to code injection. The vulnerability appears exploitable remotely, with a publicly available exploit. The vendor was contacted early but did not...

6.5CVSS6.3AI score0.00376EPSS
Exploits0References5
NVD
NVD
added 2 days ago8 views

CVE-2026-15497

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS0.00394EPSS
Exploits0References5
Rows per page
Query Builder