Lucene search
+L

126800 matches found

osv
osv
added 8 hours ago3 views

ROOT-OS-DEBIAN-13-CVE-2023-26242 CVE-2023-26242 in rootio-linux - Patched by Root

Root has patched CVE-2023-26242 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

7.8CVSS8.3AI score0.0024EPSS
Exploits0
osv
osv
added 8 hours ago6 views

ROOT-OS-DEBIAN-13-CVE-2023-37454 CVE-2023-37454 in rootio-linux - Patched by Root

Root has patched CVE-2023-37454 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS8.3AI score0.00361EPSS
Exploits1
osv
osv
added 8 hours ago5 views

ROOT-OS-DEBIAN-13-CVE-2023-6240 CVE-2023-6240 in rootio-linux - Patched by Root

Root has patched CVE-2023-6240 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

6.5CVSS7.6AI score0.00969EPSS
Exploits0
osv
osv
added 8 hours ago7 views

ROOT-OS-DEBIAN-13-CVE-2023-3397 CVE-2023-3397 in rootio-linux - Patched by Root

Root has patched CVE-2023-3397 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

6.3CVSS5.4AI score0.0021EPSS
Exploits0
osv
osv
added 8 hours ago8 views

ROOT-OS-DEBIAN-13-CVE-2023-31081 CVE-2023-31081 in rootio-linux - Patched by Root

Root has patched CVE-2023-31081 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00355EPSS
Exploits0
osv
osv
added 8 hours ago7 views

ROOT-OS-DEBIAN-13-CVE-2023-31085 CVE-2023-31085 in rootio-linux - Patched by Root

Root has patched CVE-2023-31085 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS7.8AI score0.00379EPSS
Exploits0
nuclei
nuclei
added yesterday71 views

OpenCMS - Cross-Site Scripting

OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. id: CVE-2023-42343 info: name: OpenCMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. impact: | Unauthenticated attackers...

6.1CVSS7AI score0.0059EPSS
Exploits0References1
nuclei
nuclei
added yesterday21 views

WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure

Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions. id: CVE-2023-44982 info: name:...

7.5CVSS6.9AI score0.01425EPSS
Exploits0References1
nuclei
nuclei
added yesterday27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.2AI score0.0196EPSS
Exploits0References3
nuclei
nuclei
added yesterday323 views

SonicWall GMS and Analytics Web Services - Shell Injection

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions id: CVE-2023-34124 info: name: SonicWall GMS and Analytics Web...

9.8CVSS6.9AI score0.44715EPSS
Exploits2References5
nuclei
nuclei
added yesterday74 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.5AI score0.01585EPSS
Exploits1References2
nuclei
nuclei
added yesterday33 views

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. id: CVE-2023-4666 info: name: Form-Maker 1.15.20 - Unauthenticated Arbitrary File Upload author: pussycat0x severity: critical...

9.8CVSS7.1AI score0.03283EPSS
Exploits3References1
nuclei
nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
nuclei
nuclei
added yesterday67 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.2AI score0.01027EPSS
Exploits1References3
nuclei
nuclei
added yesterday173 views

PHPJabbers Callback Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...

6.1CVSS6.4AI score0.01202EPSS
Exploits0References2
nuclei
nuclei
added yesterday44 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8CVSS7AI score0.02041EPSS
Exploits0References2
nuclei
nuclei
added yesterday63 views

Avaya Aura Device Services - OS Command Injection

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. id: CVE-2023-3722 info: name:...

9.8CVSS7.4AI score0.03334EPSS
Exploits1References2
nuclei
nuclei
added yesterday58 views

Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

6.1CVSS4.4AI score0.01365EPSS
Exploits1References2
nuclei
nuclei
added yesterday205 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7AI score0.03757EPSS
Exploits1
nuclei
nuclei
added yesterday11 views

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...

9.8CVSS7.1AI score0.03911EPSS
Exploits2References3
Rows per page
Query Builder