84 matches found

Nuclei • added 15 hours ago • 88 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

CVSS 9.8 • AI score 7.5 • EPSS 0.03452
Exploits: 0 • References: 4
Nuclei • added 15 hours ago • 23 views

Viral Signup <= 2.1 - SQL Injection

The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

CVSS 9.8 • AI score 6 • EPSS 0.03292
Exploits: 1 • References: 4
Nuclei • added 15 hours ago • 81 views

WBCE 1.6.0 - SQL Injection

There is an SQL injection vulnerability in the "miniform module", which is a default module installed in the WBCE CMS. It is an unauthenticated SQLi, so anyone could access it and take over the whole database. In the file "/modules/miniform/ajaxdeletemessage.php" there is no authentication check. On line 40...

CVSS 9.8 • AI score 7.2 • EPSS 0.06096
Exploits: 3 • References: 3
Nuclei • added 15 hours ago • 98 views

Wordpress Country State City Dropdown <=2.7.2 - SQL Injection

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the 'cnt' and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVSS 9.8 • AI score 6 • EPSS 0.13618
Exploits: 1 • References: 5
Nuclei • added yesterday • 54 views

Control iD iDSecure - Authentication Bypass

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...

CVSS 9.8 • AI score 7.3 • EPSS 0.65237
Exploits: 6
Nuclei • added 2 days ago • 80 views

Advantech R-SeeNet 2.4.12 - OS Command Injection

Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...

CVSS 10 • AI score 7.6 • EPSS 0.69631
Exploits: 1 • References: 5
Nuclei • added 2026/06/23 5:08 a.m. • 61 views

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

CVSS 9.8 • AI score 7.7 • EPSS 0.94618
Exploits: 7 • References: 5
EUVD • added 2025/10/03 8:07 p.m. • 5 views

EUVD-2024-18796

Malicious code in bioql PyPI...

CVSS 9.8 • AI score 7.4 • EPSS 0.00807
Exploits: 0 • References: 1
RedhatCVE • added 2025/05/22 7:19 p.m. • 4 views

CVE-2021-2382

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3,...

CVSS 9.8 • AI score 7.7 • EPSS 0.01845
Exploits: 0 • References: 1
IBM Security Bulletins • added 2025/03/31 1:43 p.m. • 21 views

Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot

Summary: The vulnerable library tomcat-embed-core, version 10.1.34, transitively used in BAMOE 9 through the Spring Boot version used by BAMOE libraries, has been fixed in BAMOE 9.2.0, along with more CVE fixes published in Security Bulletin 7229574. Vulnerability Details...

CVSS 10 • AI score 8 • EPSS 0.99945
Exploits: 46 • Affected Software: 1
IBM Security Bulletins • added 2025/02/20 5:59 a.m. • 22 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-56337

Summary: IBM Maximo Application Suite Ai-Broker Component uses tomcat-embed-core-10.1.33.jar, affected by CVE-2024-56337 (publicly disclosed vulnerability found by Mend). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

CVSS 9.8 • AI score 6.8 • EPSS 0.08856
Exploits: 13 • Affected Software: 1
HackRead • added 2025/01/27 11:11 a.m. • 23 views

SonicWall SMA Appliances Exploited in Zero-Day Attacks

Critical security flaw in SonicWall SMA 1000 appliances CVE-2025-23006 exploited as a zero-day. Rated CVSS 9.8, patch immediately...

CVSS 9.8 • AI score 7.1 • EPSS 0.23432
Exploits: 1
IBM Security Bulletins • added 2024/11/15 9:28 a.m. • 18 views

Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution

Summary: jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details: CVEID: CVE-2024-21534. DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code...

CVSS 9.8 • AI score 7.4 • EPSS 0.09076
Exploits: 4 • Affected Software: 1
IBM Security Bulletins • added 2024/11/12 12:45 p.m. • 26 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51385]

Summary: Red Hat-provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2023-51385. Vulnerability Details: CVEID: CVE-2023-51385. DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system,...

CVSS 6.5 • AI score 7.7 • EPSS 0.19753
Exploits: 7 • Affected Software: 1
GithubExploit • added 2024/11/07 3:28 a.m. • 507 views

Exploit for CVE-2023-6553

CVE-2023-6553 Exploit Development for CVE-2023-6553 on Backup...

CVSS 9.8 • AI score 9.8 • EPSS 0.97846
Exploits: 14
IBM Security Bulletins • added 2024/09/18 8:07 p.m. • 25 views

Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data

Summary: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization. This could affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2020-36188. DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to...

CVSS 8.1 • AI score 9.2 • EPSS 0.10911
Exploits: 1 • Affected Software: 1
IBM Security Bulletins • added 2024/09/18 7:55 p.m. • 34 views

Security Bulletin: Vulnerability in Perl affects IBM watsonx.data

Summary: Perl could allow a remote attacker to bypass security restrictions, caused by improper handling of property name by the Sparseunipropstring function in regcomp.c. This can affect IBM watsonx.data. Vulnerability Details: CVEID: CVE-2023-47100. DESCRIPTION: Perl could allow a remote attacker t...

AI score 9.6
Exploits: 0 • Affected Software: 1
Wordfence Blog • added 2024/09/03 4:07 p.m. • 27 views

6,000 WordPress Sites Affected by Unauthenticated Critical Vulnerability in WP Job Portal WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

CVSS 9.8 • AI score 8.6 • EPSS 0.01197
Exploits: 0
IBM Security Bulletins • added 2024/08/14 3:38 p.m. • 21 views

Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data

Summary: Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via the httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via...

CVSS 8.8 • AI score 9.2 • EPSS 0.02186
Exploits: 0 • Affected Software: 1
The Hacker News • added 2024/08/14 5:18 a.m. • 27 views

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect...

CVSS 9.8 • AI score 8.8 • EPSS 0.99987
Exploits: 5