Lucene search
K

110888 matches found

Nuclei
Nuclei
added yesterday16 views

Youzify < 1.2.0 - Unauthenticated SQLi

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...

9.8CVSS7.1AI score0.04278EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday84 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02998EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday63 views

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

6.1CVSS6.4AI score0.04873EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday49 views

Mingsoft MCMS - SQL Injection

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...

9.8CVSS7AI score0.0289EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday72 views

NexusPHP <1.7.33 - Cross-Site Scripting

NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can...

6.1CVSS6.5AI score0.01543EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday13 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Cross-Site Scripting

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. id: CVE-2022-0429 info: name: W...

6.1CVSS6.4AI score0.01378EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday178 views

ThinVNC - Authentication Bypass

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via a specific command, potentially leading to unauthorized access and code execution. id: CVE-2022-25226 info: name: ThinVNC - Authentication Bypass author: ritikchaddha severity: critical description: |...

10CVSS7.1AI score0.11027EPSS
Exploits2
Nuclei
Nuclei
added yesterday50 views

WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...

7.5CVSS7AI score0.1129EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday108 views

LISTSERV 17 - Cross-Site Scripting

LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the "c" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2022-39195 info: name:...

6.1CVSS6.5AI score0.06314EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday58 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manageuser.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32028...

7.2CVSS7AI score0.04879EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday43 views

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised...

9.8CVSS7AI score0.2605EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday88 views

Smart Office Web 20.28 - Information Disclosure

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. id: CVE-2022-47075 info: name: Smart Office Web 20.28 - Information Disclosure author:...

7.5CVSS7AI score0.59407EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday12 views

WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...

4.8CVSS6.1AI score0.00872EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday40 views

WordPress Ad Inserter <2.7.10 - Cross-Site Scripting

WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...

6.1CVSS6.4AI score0.02389EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday66 views

pfSense pfBlockerNG - OS Command Injection

pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. id: CVE-2022-40624 info: name: pfSense pfBlockerNG - OS Command Injection author: ritikchaddha severity: critical description: | pfSense pfBlockerNG through 2.1.427 allow...

9.8CVSS7.3AI score0.17107EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday71 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.3AI score0.05879EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday42 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

6.5CVSS6.7AI score0.02941EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday30 views

WordPress Accordions - Unauthenticated Settings Update

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin = 2.0.2 at WordPress. id: CVE-2022-33198 info: name: WordPress Accordions - Unauthenticated Settings Update author: riteshs4hu severity: critical description: | Unauthenticated WordPress Options Change...

9.8CVSS6.2AI score0.02654EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday27 views

Piano LED Visualizer 1.3 - Local File Inclusion

Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. id: CVE-2022-24900 info: name: Piano LED Visualizer 1.3 - Local File Inclusion author: 0xAkoko severity: high description: | Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. impact: | An attacker...

9.9CVSS7AI score0.08038EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday39 views

WWBN AVideo 11.6 - Cross-Site Scripting

WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization. id: CVE-2022-32770 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari severity:...

9.6CVSS6.7AI score0.03355EPSS
Exploits0References5
Rows per page
Query Builder