
69 matches found

Nuclei | added 10 hours ago | 15 views

Intelbras NPLUG 1.0.0.14 - Authentication Bypass

Intelbras NPLUG 1.0.0.14 is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication by simply setting a cookie named "admin:". id: CVE-2018-12455 info: name: Intelbras NPLUG 1.0.0.14 - Authentication Bypass author: ritikchaddha severity: critical...

CVSS 9.3 | AI score 7.3 | EPSS 0.04999
Exploits: 3 | References: 2

Nuclei | added 10 hours ago | 42 views

Apache Spark UI - Cross-Site Scripting

Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint. id: CVE-2018-8024 info: name: Apache Spark UI - Cross-Site Scripting author: ritikchaddha severity: medium description: | Apache Spark UI before 2.3.2 is vulnerable to XSS via...

CVSS 5.4 | AI score 6 | EPSS 0.05046
Exploits: 0 | References: 2

Nuclei | added 10 hours ago | 97 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

CVSS 9.8 | AI score 7.4 | EPSS 0.59552
Exploits: 6 | References: 4

Nuclei | added 10 hours ago | 37 views

NagiosXI <= 5.4.12 - SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. id: CVE-2018-10736 info: name: NagiosXI = 5.4.12 - SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the...

CVSS 7.2 | AI score 7.2 | EPSS 0.42556
Exploits: 2 | References: 3

Nuclei | added 10 hours ago | 22 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

CVSS 7.8 | AI score 7.1 | EPSS 0.17982
Exploits: 3

Nuclei | added 10 hours ago | 17 views

Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion

Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. id: CVE-2018-13980 info: name: Zeta Producer Desktop CMS 14.2.1 - Local File Inclusion author...

CVSS 5.5 | AI score 6.8 | EPSS 0.06902
Exploits: 5 | References: 5

Nuclei | added 10 hours ago | 27 views

CirCarLife Scada <4.3 - System Log Exposure

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. id: CVE-2018-12634 info: name: CirCarLife Scada 4.3 - System Log...

CVSS 9.8 | AI score 7.3 | EPSS 0.57737
Exploits: 5 | References: 5

Nuclei | added 10 hours ago | 24 views

OEcms 3.1 - Cross-Site Scripting

OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. id: CVE-2018-12095 info: name: OEcms 3.1 - Cross-Site Scripting author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of...

CVSS 5.4 | AI score 5.9 | EPSS 0.05103
Exploits: 5 | References: 5

Nuclei | added 10 hours ago | 14 views

Seagate NAS OS 4.3.15.1 - Open Redirect

Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. id: CVE-2018-12300 info: name: Seagate NAS OS 4.3.15.1 - Open Redirect author: 0xAkoko severity: medium...

CVSS 6.1 | AI score 6.3 | EPSS 0.02698
Exploits: 1 | References: 2

Nuclei | added 10 hours ago | 29 views

WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting

WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in processforms via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php. id: CVE-2018-18069 info: name: WordPress...

CVSS 6.1 | AI score 6.2 | EPSS 0.12763
Exploits: 2 | References: 5

Nuclei | added 10 hours ago | 55 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

CVSS 9.8 | AI score 7.4 | EPSS 0.82976
Exploits: 5 | References: 5

Nuclei | added 10 hours ago | 441 views

FUEL CMS 1.4.1 - Remote Code Execution

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...

CVSS 9.8 | AI score 7.4 | EPSS 0.82937
Exploits: 17 | References: 5

Nuclei | added 10 hours ago | 36 views

DotCMS < 5.0.2 - Open Redirect

dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...

CVSS 6.1 | AI score 6.3 | EPSS 0.03588
Exploits: 1 | References: 3

Nuclei | added 10 hours ago | 22 views

Centos Web Panel 0.9.8.480 - Local File Inclusion

Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...

CVSS 7.5 | AI score 7.5 | EPSS 0.70736
Exploits: 2 | References: 5

Nuclei | added 10 hours ago | 45 views

Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect 8.1.4 - Cross-Site Scripting autho...

CVSS 6.1 | AI score 6.2 | EPSS 0.03883
Exploits: 0 | References: 4

Nuclei | added 10 hours ago | 28 views

Loytec LGATE-902 <6.4.2 - Local File Inclusion

Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. id: CVE-2018-14916 info: name: Loytec LGATE-902 6.4.2 - Local File Inclusion author: 0xAkoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion...

CVSS 9.4 | AI score 7.3 | EPSS 0.17195
Exploits: 3 | References: 5

Nuclei | added 10 hours ago | 17 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. id: CVE-2018-1000856 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the...

CVSS 4.8 | AI score 5.6 | EPSS 0.01424
Exploits: 1 | References: 3

Nuclei | added 10 hours ago | 28 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...

CVSS 4.8 | AI score 5.9 | EPSS 0.01514
Exploits: 5 | References: 4

Nuclei | added 10 hours ago | 25 views

IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion

IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. id: CVE-2018-10956 info: name: IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion author: 0xAkoko severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. impact: | An...

CVSS 7.5 | AI score 7.1 | EPSS 0.56318
Exploits: 6 | References: 5

Nuclei | added 10 hours ago | 16 views

Orange Forum 1.4.0 - Open Redirect

Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...

CVSS 6.1 | AI score 6.3 | EPSS 0.02257
Exploits: 1 | References: 5