Lucene search
+L

43652 matches found

Github Security Blog
Github Security Blog
added yesterday5 views

Gitea has insufficient permission checks for Composer package source links

CVE Description Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information. Summary A critical vulnerability has been discovered in Gitea. It was already reported via...

8.2CVSS7.7AI score0.40738EPSS
Exploits1References6Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-12691

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45219

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS5.3AI score
Exploits0References1
Nuclei
Nuclei
added yesterday72 views

InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

9.8CVSS5.4AI score0.05794EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday45 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS5.6AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday47 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS8.1AI score0.01646EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday27 views

Roxy-WI - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcert parameter without proper input validation in the /app/options.py file, allowing attackers to inject arbitrary OS commands. id: CVE-2022-31161 info: name: Roxy-WI - Remote Code...

10CVSS9.3AI score0.90387EPSS
Exploits15References3
Nuclei
Nuclei
added yesterday137 views

FOG Project < 1.5.10.34 - Remote Command Execution

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. id: CVE-2024-39914 info: name: FOG Project 1.5.10.34 - Remote...

9.8CVSS5.3AI score0.23414EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday92 views

WBCE CMS v1.5.4 - Remote Code Execution

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. id: CVE-2022-46020 info: name: WBCE CMS v1.5.4 - Remote Code Execution author: theamanrawat severity: critical description: | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. impact: | Successful...

9.8CVSS8.4AI score0.38953EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday66 views

pfSense pfBlockerNG - OS Command Injection

pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. id: CVE-2022-40624 info: name: pfSense pfBlockerNG - OS Command Injection author: ritikchaddha severity: critical description: | pfSense pfBlockerNG through 2.1.427 allow...

9.8CVSS9AI score0.17107EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday12 views

FOGProject <= 1.5.10.1673 - Authentication Bypass

FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database informatio...

9.9CVSS5.3AI score0.17647EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday36 views

RevPi Webstatus <= v2.4.5 - Authentication Bypass

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device id: CVE-2025-41646 info: name: RevPi Webstatus = v2.4.5 - Authentication Bypass author: DhiyaneshDK severity: critic...

9.8CVSS8.4AI score0.43286EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday131 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS5.9AI score0.03395EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday130 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS9.1AI score0.03452EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday20 views

WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection

ChatBot plugin for WordPress up to 4.8.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data, exploit requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...

9.8CVSS8AI score0.06888EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday163 views

GeoServer WPS - Server Side Request Forgery

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

9.8CVSS8.2AI score0.67715EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday24 views

openSIS Classic v9.1 - SQL Injection

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands. id: CVE-2024-51211...

9.8CVSS5.8AI score0.02192EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday25 views

WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery

The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...

9.1CVSS5.5AI score0.01836EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday115 views

Crypto <= 2.15 - Authentication Bypass

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...

9.8CVSS5.6AI score0.07217EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday88 views

Mitel MiCollab - Arbitary File Read

The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attack...

9.8CVSS7.4AI score0.98067EPSS
Exploits3References3
Rows per page
Query Builder