Lucene search
K

20330 matches found

Nuclei
Nuclei
added yesterday254 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.4AI score0.32895EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday58 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.5AI score0.14558EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday53 views

WordPress e-search <=1.0 - Cross-Site Scripting

WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via titleaz.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday50 views

WordPress e-search <=1.0 - Cross-Site Scripting

Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via dateselect.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.02897EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday45 views

Diary Management System 1.0 - Cross-Site Scripting

Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php. id: CVE-2022-29004 info: name: Diary Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Diary Management System 1.0 contains a cross-sit...

6.1CVSS6.4AI score0.02806EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday66 views

Welcart eCommerce <=2.7.7 - Local File Inclusion

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...

9.8CVSS7AI score0.05116EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday72 views

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

7.5CVSS7.1AI score0.02941EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday73 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

5.3CVSS6.5AI score0.17118EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago318 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7AI score0.70589EPSS
Exploits1References5
CVE
CVE
added 5 days ago8 views

CVE-2026-40007

CVE-2026-40007 affects Apache IoTDB. The issue is an uncontrolled recursion in the AirGap receiver: when pipe_air_gap_receiver_enabled is true, readLength recursively processes E-language prefixes with no depth limit, allowing an unauthenticated attacker to exhaust the receiver thread’s JVM stack...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.577 views

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

9.8CVSS8AI score0.98342EPSS
Exploits7References6
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.4 views

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite. This vulnerability allows a perpetrator to gain full control over the application.

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...

8.1CVSS5.9AI score0.00366EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14737

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/07/05 10:0 a.m.22 views

CVE-2026-14737

Hanwang e-Face General Management Platform 6.3.5.4 is affected. The vulnerability resides in the function handling /sysAuthStr/querySysAuthStr.do, where manipulation of the argument order leads to SQL injection. The issue can be triggered remotely, and public exploitation code is available. Explo...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/05 10:0 a.m.39 views

CVE-2026-14737 Hanwang e-Face General Management Platform querySysAuthStr.do sql injection

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/05 10:0 a.m.7 views

EUVD-2026-41745

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:0 a.m.8 views

CVE-2026-14737

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/05 6:16 a.m.10 views

CVE-2026-14713

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 5:15 a.m.32 views

CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 5:15 a.m.7 views

CVE-2026-14713

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder