Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

38 matches found

Nuclei
Nucleiadded yesterday21 views

WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal

WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in downloadaudio.php that allows remote attackers to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2015-4414 info: name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversa...

5CVSS7.5AI score0.09051EPSS
Exploits4References5
Nuclei
Nucleiadded yesterday20 views

ManageEngine Firewall Analyzer <8.0 - Local File Inclusion

ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. id: CVE-2015-7780 info: name: ManageEngine Firewall Analyzer 8.0 - Local File Inclusion author: daffainfo severity: medium description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion...

6.5CVSS6.8AI score0.36216EPSS
Exploits0References5
Nuclei
Nucleiadded yesterday24 views

WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion

WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...

7.5CVSS7.3AI score0.4911EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday17 views

Swim Team <= v1.44.10777 - Local File Inclusion

The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system. id: CVE-2015-5471 info: name: Swim Team = v1.44.10777 - Local File Inclusion author: 0xAkoko severity: medium description: The program...

5.3CVSS6.5AI score0.54004EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday47 views

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

4.3CVSS5.9AI score0.49035EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday26 views

Navis DocumentCloud <0.1.1 - Cross-Site Scripting

Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. id: CVE-2015-2807 info: name: Navis DocumentCloud 0.1.1 - Cross-Site...

4.3CVSS5.8AI score0.0689EPSS
Exploits3References5
Nuclei
Nucleiadded yesterday91 views

Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage

Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. id: CVE-2015-2080 info: name: Eclipse Jetty 9.2.9.v20150224 - Sensitive Information Leakage author: pikpikcu severity: high description: Eclip...

7.5CVSS7.2AI score0.91897EPSS
Exploits16References5
Nuclei
Nucleiadded yesterday23 views

WordPress NewStatPress 0.9.8 - SQL Injection

WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nspsearch.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php. id: CVE-2015-4062 info: name: WordPress NewStatPress 0.9.8 - S...

6.5CVSS6.1AI score0.10258EPSS
Exploits6References5
Nuclei
Nucleiadded yesterday22 views

NewStatPress <0.9.9 - Cross-Site Scripting

WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nspsearch.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php. id: CVE-2015-4063 info: nam...

3.5CVSS5.8AI score0.01055EPSS
Exploits6References5
Nuclei
Nucleiadded yesterday22 views

WordPress Pie-Register <2.0.19 - Cross-Site Scripting

WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...

4.3CVSS5.8AI score0.05825EPSS
Exploits3References5
Nuclei
Nucleiadded yesterday40 views

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

7.5CVSS6.1AI score0.03077EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday19 views

WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

6.4CVSS6AI score0.1779EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday17 views

WordPress RobotCPA 5 - Directory Traversal

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

7.5CVSS7.1AI score0.61858EPSS
Exploits2References3
Nuclei
Nucleiadded yesterday18 views

Novius OS 5.0.1-elche - Open Redirect

Novius OS 5.0.1 Elche allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. id: CVE-2015-5354 info: name: Novius OS 5.0.1-elche - Open Redirect author: 0xAkoko severity: medium description: Novius OS...

5.8CVSS6AI score0.21803EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday90 views

Kentico CMS 8.2 - Open Redirect

Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. id: CVE-2015-7823 info: name: Kentico CMS 8.2 - Open Redirect author: 0xAkoko severity:...

5.8CVSS5.9AI score0.1267EPSS
Exploits3References4
Nuclei
Nucleiadded yesterday89 views

WordPress Slider Revolution - Local File Disclosure

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. id:...

5CVSS7.4AI score0.80822EPSS
Exploits5References5
Nuclei
Nucleiadded yesterday23 views

Ericsson Drutt MSDP - Local File Inclusion

Ericsson Drutt Mobile Service Delivery Platform MSDP 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the default URI in the Instance Monitor. id: CVE-2015-2166 info: name: Ericsson Drutt MSDP - Local File Inclusion author: daffainfo severity: mediu...

5CVSS7.5AI score0.73601EPSS
Exploits5References5
Nuclei
Nucleiadded yesterday24 views

Xsuite <=2.4.4.5 - Open Redirect

Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. id: CVE-2015-4668 info: name: Xsuite =2.4.4.5 - Open Redirect author: 0xAkoko...

6.1CVSS6.9AI score0.04202EPSS
Exploits4References5
Nuclei
Nucleiadded yesterday28 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

9.4CVSS5.8AI score0.38604EPSS
Exploits6References5
Nuclei
Nucleiadded yesterday45 views

Elasticsearch - Local File Inclusion

Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. id: CVE-2015-3337 info: name: Elasticsearch - Local File Inclusion author: pdteam severity: medium description: Elasticsearch before 1.4.5 and...

4.3CVSS7.4AI score0.91087EPSS
Exploits5References5
Rows per page
Query Builder