Lucene search
+L

263 matches found

Nuclei
Nuclei
added yesterday301 views

CraftCMS SEOmatic - Server-Side Template Injection

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution. id: CVE-2021-41749 info: name: CraftCMS SEOmatic - Server-Side Template Injection author: iamnoooob,ritikchaddha...

9.8CVSS8.7AI score0.17249EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday96 views

Apache ShenYu Admin JWT - Authentication Bypass

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. id: CVE-2021-37580 info: name: Apache ShenYu Admin JWT - Authentication Bypass author: pdteam severity: critical descriptio...

9.8CVSS8.4AI score0.40058EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday71 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS8.4AI score0.208EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday327 views

phpfastcache - phpinfo Resource Exposure

phpinfo is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache. id: CVE-2021-37704 info: name: phpfastcache - phpinfo Resource Exposure author: whoever severity: medium description: phpinfo is susceptible to resource exposure in unprotected compos...

5.4CVSS5.1AI score0.06132EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday60 views

SonicWall SonicOS 7.0 - Open Redirect

SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...

6.1CVSS6.1AI score0.13041EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday51 views

Galera WebTemplate 1.0 Directory Traversal

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. id: CVE-2021-40960 info: name: Galera WebTemplate 1.0 Directory Traversal author: daffainfo severity: critical description: Galera WebTemplate 1.0 is affected ...

9.8CVSS8.4AI score0.09768EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday118 views

Hongdian H8922 3.0.5 - Remote Command Injection

Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address a/k/a Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive informatio...

9CVSS8.1AI score0.27912EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday77 views

Hue Magic 3.0.0 - Local File Inclusion

Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. id: CVE-2021-25864 info: name: Hue Magic 3.0.0 - Local File Inclusion author: 0xAkoko severity: high description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. impact: | The LFI...

7.5CVSS7.4AI score0.09331EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday38 views

Vehicle Service Management System 1.0 - Cross Site Scripting

Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel. id: CVE-2021-46073 info: name: Vehicle Service Management System 1.0 - Cross Site Scripting author: TenBird severity: medium description: | Vehicle Service Management Syst...

4.8CVSS4.8AI score0.02759EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday65 views

Appspace 6.2.4 - Server-Side Request Forgery

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. id: CVE-2021-27670 info: name: Appspace 6.2.4 - Server-Side Request Forgery author: ritikchaddha severity: critical description: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. impact...

9.8CVSS8.4AI score0.61274EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday86 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS7.5AI score0.0968EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday80 views

Erxes <0.23.0 - Cross-Site Scripting

Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...

9.6CVSS6.8AI score0.03125EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday81 views

kkFileview v4.0.0 - Local File Inclusion

kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. id: CVE-2021-43734 info: name: kkFileview v4.0.0 - Local File Inclusion author: arafatansari severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion whi...

7.5CVSS7.3AI score0.10728EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday75 views

GLPI 9.2/<9.5.6 - Information Disclosure

GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-39211 info: name: GLPI 9.2/9.5.6 -...

5.3CVSS7AI score0.04699EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday77 views

WordPress Realteo <=1.2.3 - Cross-Site Scripting

WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page. id: CVE-2021-24237 info: name:...

6.1CVSS5.8AI score0.06298EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday95 views

WordPress Imagements <=1.2.5 - Arbitrary File Upload

WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by...

9.8CVSS9.1AI score0.0714EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday35 views

OS4Ed OpenSIS Community 8.0 - Local File Inclusion

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php modname parameter, which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. id: CVE-2021-40651 info: name: OS4Ed OpenSIS Community 8.0 - Local...

6.5CVSS6.6AI score0.17945EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday59 views

Netmask NPM Package - Server-Side Request Forgery

Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...

9.1CVSS7.3AI score0.16657EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday98 views

i-Panel Administration System 2.0 - Cross-Site Scripting

i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console. id: CVE-2021-41878 info: name: i-Panel Administration System 2.0 - Cross-Site Scripting author: madrobot severity: medium...

6.1CVSS6.3AI score0.09912EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday53 views

Reprise License Manager 14.2 - Authentication Bypass

Reprise License Manager RLM 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. id: CVE-2021-44152 info: name: Reprise License Manager 14.2 - Authentication Bypass author: Akincibor severity: critical description: |...

9.8CVSS8.4AI score0.58555EPSS
Exploits3References5
Rows per page
Query Builder