Lucene search
K

14626 matches found

OSV
OSV
added 8 hours ago8 views

ROOT-OS-UBUNTU-2204-CVE-2025-37874 CVE-2025-37874 in rootio-linux - Patched by Root

Root has patched CVE-2025-37874 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.6AI score0.00245EPSS
Exploits0
OSV
OSV
added 8 hours ago5 views

ROOT-OS-UBUNTU-2204-CVE-2024-50277 CVE-2024-50277 in rootio-linux - Patched by Root

Root has patched CVE-2024-50277 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

4.7CVSS7.8AI score0.00187EPSS
Exploits0
Nuclei
Nuclei
added 12 hours ago69 views

Ubigeo de Peru < 3.6.4 - SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections. id: CVE-2022-0814 info: name: Ubigeo de Peru 3.6.4 - SQL Injection author: r3Y3r53...

9.8CVSS7.1AI score0.09495EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago8 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

9.8CVSS7.2AI score0.14886EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago44 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.2AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added 12 hours ago27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.2AI score0.01977EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.1AI score0.01961EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago46 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS7.2AI score0.01646EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago66 views

pfSense pfBlockerNG - OS Command Injection

pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. id: CVE-2022-40624 info: name: pfSense pfBlockerNG - OS Command Injection author: ritikchaddha severity: critical description: | pfSense pfBlockerNG through 2.1.427 allow...

9.8CVSS7.3AI score0.17107EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago178 views

ThinVNC - Authentication Bypass

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via a specific command, potentially leading to unauthorized access and code execution. id: CVE-2022-25226 info: name: ThinVNC - Authentication Bypass author: ritikchaddha severity: critical description: |...

10CVSS7.1AI score0.11027EPSS
Exploits2
Nuclei
Nuclei
added 12 hours ago139 views

Shopware < 6.5.8.13 - SQL Injection

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The name field in this "aggregations" ...

6.8CVSS6.1AI score0.1198EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago86 views

CentOS Web Panel - SQL Injection

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...

10CVSS7.1AI score0.13029EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago88 views

Tiki Wiki CMS GroupWare - Authentication Bypass

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. id: CVE-2020-15906 info: name: Tiki Wiki CMS GroupWare - Authentication Bypass author: JeonSungHyunnukunga,gy741,oIfloraIo,nechyo,harksu severity: critical description: | tiki-login.php in...

9.8CVSS7AI score0.27362EPSS
Exploits5References5
Nuclei
Nuclei
added 12 hours ago36 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS6.2AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added 12 hours ago65 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.1AI score0.0219EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago33 views

WPGraphQL 0.2.3 - User Creation

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. id: CVE-2019-9879 info: name: WPGraphQL 0.2.3 - User Creation author: DhiyaneshDk severity:...

9.8CVSS7.1AI score0.46614EPSS
Exploits3References4
Nuclei
Nuclei
added 12 hours ago12 views

ThemeGrill Demo Importer < 1.6.2 - Database Reset

ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...

9.1CVSS7.1AI score0.03429EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago82 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS6.1AI score0.01223EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago30 views

Mlflow < 2.17.0 - Local File Inclusion

Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2024-8859...

7.5CVSS7AI score0.02484EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago115 views

Crypto <= 2.15 - Authentication Bypass

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...

9.8CVSS6.2AI score0.07217EPSS
Exploits0References5
Rows per page
Query Builder