Lucene search
K

87961 matches found

GithubExploit
GithubExploit
added yesterday24 views

pac-exploits-priv

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulne...

7.8CVSS7AI score0.87351EPSS
Exploits151
GithubExploit
GithubExploit
added yesterday23 views

kit-exploits-prv

Information Exploit Title: Local Privilege Escalation i...

9CVSS7.5AI score0.87351EPSS
Exploits158
Nuclei
Nuclei
added yesterday17 views

ZoomSounds Plugin - Unauthenticated Arbitrary File Upload

ZoomSounds plugin for WordPress contains a file upload vulnerability in savepng.php id: CVE-2021-4449 info: name: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload author: 0xnemian severity: critical description: | ZoomSounds plugin for WordPress contains a file upload vulnerability in...

9.8CVSS8.4AI score0.808EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday59 views

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

9.8CVSS8.6AI score0.74641EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday53 views

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7.3AI score0.7377EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday26 views

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

6.1CVSS5.9AI score0.13873EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday50 views

CentOS Web Panel - SQL Injection

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...

10CVSS9AI score0.59354EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday93 views

GenieACS => 1.2.8 - OS Command Injection

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check. id: CVE-2021-46704 info:...

9.8CVSS8.3AI score0.86931EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday40 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.7AI score0.79718EPSS
Exploits2
Nuclei
Nuclei
added yesterday61 views

emlog 5.3.1 Path Disclosure

emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file. id: CVE-2021-3293 info: name: emlog 5.3.1 Path Disclosure author: h1ei1 severity: medium description: emlog v5.3.1 is susceptible to full path disclosure via...

5.3CVSS5.7AI score0.64649EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday48 views

Grafana Unauthenticated Snapshot Creation

Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...

7.5CVSS7.5AI score0.92396EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday31 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.3AI score0.01278EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday37 views

Void Aural Rec Monitor 9.0.0.1 - SQL Injection

Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.7AI score0.55868EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday41 views

WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...

6.1CVSS5.8AI score0.05226EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday24 views

WordPress Super Socializer <7.13.30 - Cross-Site Scripting

WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its thechampsharingcount AJAX action available to both unauthenticated and authenticated users before outputting it back in the response...

6.1CVSS5.9AI score0.06052EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday31 views

The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting

The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue. id: CVE-2021-25008 info: name: The Code Snippets WordPress Plugin 2.14.3 - Cross-Site Scripting author: cckuailo...

6.1CVSS5.9AI score0.03359EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday43 views

Easy Social Feed < 6.2.7 - Cross-Site Scripting

Easy Social Feed 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor. id: CVE-2021-25120 info: name: Easy...

6.1CVSS5.9AI score0.25584EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday40 views

WordPress Jannah Theme <5.4.4 - Cross-Site Scripting

WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...

6.1CVSS5.8AI score0.02005EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday35 views

WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting

WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and startdate GET parameters on its Tour List page. id: CVE-2021-24235 info: name: WordPress Goto Tour & Travel Theme =2.0 to mitigate the XSS...

6.1CVSS5.9AI score0.43821EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday36 views

AccessAlly <3.5.7 - Sensitive Information Leakage

WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" which is responsible for the accessallyorderform shortcode dumps serialize$SERVER, which contains all environment variables. The leakage occurs on all...

7.5CVSS7.2AI score0.25403EPSS
Exploits2References4
Rows per page
Query Builder