Lucene search
+L

10577 matches found

Nuclei
Nuclei
added 7 hours ago15 views

KevinLAB BEMS 1.0 - SQL Injection

KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through inputid POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and...

9.8CVSS8.7AI score0.08146EPSS
Exploits2References4
Nuclei
Nuclei
added 7 hours ago43 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.7AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago18 views

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

7.2CVSS7.8AI score0.02258EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago32 views

WCFM Membership <= 2.10.0 - Broken Access Control

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...

7.3CVSS7AI score0.01084EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago13 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

7.2CVSS5.6AI score0.02277EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago96 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

10CVSS8.6AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago96 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...

10CVSS8.6AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago117 views

Apache Superset <=1.3.2 - Default Login

Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...

6.5CVSS6.5AI score0.07863EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago87 views

Labstack Echo 4.8.0 - Open Redirect

Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-400...

9.6CVSS8.4AI score0.02333EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago82 views

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

8.8CVSS8.9AI score0.99077EPSS
Exploits24References5
Nuclei
Nuclei
added 7 hours ago58 views

Artica Pandora FMS <=7.42 - Arbitrary File Read

Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. id:...

5.3CVSS5.9AI score0.05275EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-50526

A flaw was found in .NET. This vulnerability, stemming from improper link resolution before file access, allows an authorized local attacker to perform tampering. This could lead to unauthorized modification of data or system files...

7CVSS5.2AI score0.00159EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago96 views

Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS7.1AI score0.90067EPSS
Exploits5References4
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-48806

A flaw was found in Twig, a template language for PHP. This vulnerability allows a remote attacker to bypass security restrictions by providing specially crafted input. Successful exploitation can lead to the disclosure of sensitive information and potentially allow for limited unauthorized data...

9.1CVSS6.1AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43586

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS6.1AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-57937

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description An authenticated attacker can exploit logical errors in memory management to trigger an out-of-bounds write, resulting in memory corruption. This issue can lead ...

9.9CVSS6.2AI score0.00439EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-50162

A flaw was found in oras-go. The file content store, intended to confine writes to a specified working directory, does not properly account for symbolic link symlink traversal. A remote attacker, by providing a specially crafted blob title, could exploit this vulnerability to create files outside...

6.9CVSS6.2AI score
Exploits0References4
Cvelist
Cvelist
added 2026/07/11 7:47 a.m.35 views

CVE-2026-1359 Genolve – AI image AI video generation <= 5.0.5 - Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation via theopt

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolvesetOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-leve...

8.8CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/07/11 5:16 a.m.8 views

CVE-2026-3552

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS0.00213EPSS
Exploits0References8
Rows per page
Query Builder