Lucene search
K

341363 matches found

Nuclei
Nuclei
added yesterday66 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7AI score0.29451EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday30 views

WebsitePanel before v1.2.2.1 - Open Redirect

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx id: CVE-2012-4032 info: name: WebsitePanel before v1.2.2.1 - Open Redirect author:...

5.8CVSS6.2AI score0.07304EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday27 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS6.2AI score0.08732EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday120 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday83 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. id: CVE-2022-31974 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injectio...

7.2CVSS7AI score0.04903EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday45 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=. id: CVE-2022-31975 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday70 views

Void Aural Rec Monitor 9.0.0.1 - SQL Injection

Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7AI score0.12245EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday66 views

PlaceOS 1.2109.1 - Open Redirection

PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessionscontroller.rb open redirect. id: CVE-2021-41826 info: name: PlaceOS 1.2109.1 - Open Redirection author: geeknik severity: medium description: PlaceOS Authentication Service before 1.29.10.0 allows...

6.1CVSS6.4AI score0.11872EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday36 views

Chaty < 2.8.2 - Cross-Site Scripting

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. id: CVE-2021-25016 info: name: Chaty 2.8.2 - Cross-Site Scripting...

6.1CVSS6.4AI score0.01798EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday80 views

Registrations for the Events Calendar < 2.7.6 - SQL Injection

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. id:...

9.8CVSS7.1AI score0.07474EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday78 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.5AI score0.02214EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday41 views

Discourse OAuth Social Login - Cross-site Scripting

Discourse versions prior to 3.5.0.beta6 contain a stored Cross-Site Scripting XSS vulnerability in the OAuth/social login functionality. The vulnerability is caused by lack of proper content security policy enforcement when processing social login failures,allowing remote attackers to inject and...

8.1CVSS6.2AI score0.0063EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday60 views

Dzzoffice 2.02.1 - Cross-Site Scripting

Dzzoffice 2.02.1SCUTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter. id: CVE-2021-30203 info: name: Dzzoffice 2.02.1 - Cross-Site Scripting author: arafatansari severity: high description: | Dzzoffice...

6.1CVSS6.5AI score0.00596EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday62 views

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

6.1CVSS6.4AI score0.04873EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday99 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS6.3AI score0.00874EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday58 views

Revive Adserver 5.4.1 - Cross-Site Scripting

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...

6.1CVSS6.4AI score0.01983EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday23 views

SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting

SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters. id: CVE-2021-31537 info: name: SIS Informatik REWE ...

6.1CVSS6.4AI score0.07781EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday154 views

Gitblit 1.9.3 - Local File Inclusion

Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ e.g., followed by a WEB-INF or META-INF pathname. id: CVE-2022-31268 info: name: Gitblit 1.9.3 - Local File Inclusion author: 0xAkoko severity: high description: | Gitblit 1.9.3 is vulnerable to local file inclusion via...

7.5CVSS7AI score0.09601EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday86 views

D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

8.8CVSS7.1AI score0.09997EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday19 views

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...

4.3CVSS6.2AI score0.10899EPSS
Exploits1References5
Rows per page
Query Builder