Lucene search
+L

263 matches found

Nuclei
Nuclei
added yesterday301 views

CraftCMS SEOmatic - Server-Side Template Injection

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution. id: CVE-2021-41749 info: name: CraftCMS SEOmatic - Server-Side Template Injection author: iamnoooob,ritikchaddha...

9.8CVSS8.7AI score0.17249EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday96 views

Apache ShenYu Admin JWT - Authentication Bypass

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. id: CVE-2021-37580 info: name: Apache ShenYu Admin JWT - Authentication Bypass author: pdteam severity: critical descriptio...

9.8CVSS8.4AI score0.40058EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday72 views

Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. id: CVE-2021-24215...

10CVSS8.4AI score0.09733EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday71 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS8.4AI score0.208EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday327 views

phpfastcache - phpinfo Resource Exposure

phpinfo is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache. id: CVE-2021-37704 info: name: phpfastcache - phpinfo Resource Exposure author: whoever severity: medium description: phpinfo is susceptible to resource exposure in unprotected compos...

5.4CVSS5.1AI score0.06132EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday60 views

SonicWall SonicOS 7.0 - Open Redirect

SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...

6.1CVSS6.1AI score0.13041EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday51 views

Galera WebTemplate 1.0 Directory Traversal

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. id: CVE-2021-40960 info: name: Galera WebTemplate 1.0 Directory Traversal author: daffainfo severity: critical description: Galera WebTemplate 1.0 is affected ...

9.8CVSS8.4AI score0.09768EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday103 views

Apache OFBiz <17.12.07 - Arbitrary Code Execution

Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions. id: CVE-2021-30128 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: For3stCo1d...

10CVSS9.1AI score0.81079EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday118 views

Hongdian H8922 3.0.5 - Remote Command Injection

Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address a/k/a Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive informatio...

9CVSS8.1AI score0.27912EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday77 views

Hue Magic 3.0.0 - Local File Inclusion

Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. id: CVE-2021-25864 info: name: Hue Magic 3.0.0 - Local File Inclusion author: 0xAkoko severity: high description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. impact: | The LFI...

7.5CVSS7.4AI score0.09331EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday38 views

Vehicle Service Management System 1.0 - Cross Site Scripting

Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel. id: CVE-2021-46073 info: name: Vehicle Service Management System 1.0 - Cross Site Scripting author: TenBird severity: medium description: | Vehicle Service Management Syst...

4.8CVSS4.8AI score0.02759EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday38 views

Chaty < 2.8.2 - Cross-Site Scripting

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. id: CVE-2021-25016 info: name: Chaty 2.8.2 - Cross-Site Scripting...

6.1CVSS6.2AI score0.01798EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday65 views

Appspace 6.2.4 - Server-Side Request Forgery

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. id: CVE-2021-27670 info: name: Appspace 6.2.4 - Server-Side Request Forgery author: ritikchaddha severity: critical description: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. impact...

9.8CVSS8.4AI score0.61274EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday86 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS7.5AI score0.0968EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday80 views

Erxes <0.23.0 - Cross-Site Scripting

Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...

9.6CVSS6.8AI score0.03125EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday81 views

kkFileview v4.0.0 - Local File Inclusion

kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. id: CVE-2021-43734 info: name: kkFileview v4.0.0 - Local File Inclusion author: arafatansari severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion whi...

7.5CVSS7.3AI score0.10728EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday150 views

WordPress Statistics <13.0.8 - Blind SQL Injection

WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. id: CVE-2021-24340 info: name: WordPress Statistics 13.0.8 - Blind SQL Injection author: lotusdll,j4vaovo severity: high description: WordPress Statistic...

7.5CVSS7.6AI score0.29776EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday75 views

GLPI 9.2/<9.5.6 - Information Disclosure

GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-39211 info: name: GLPI 9.2/9.5.6 -...

5.3CVSS7AI score0.04699EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday60 views

WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting

WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration. id: CVE-2021-24214...

6.1CVSS5.8AI score0.0163EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday84 views

WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting

WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors. id: CVE-2021-20792 info: name: WordPress Quiz and Survey Master 7.1.14 - Cross-Site Scripting author: dhiyaneshD...

6.1CVSS6.1AI score0.03515EPSS
Exploits1References5
Rows per page
Query Builder