
819 matches found

Nuclei
added yesterday, 56 views

HD-Network Realtime Monitoring System 2.0 - Local File Inclusion

Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information. id: CVE-2021-45043 info: name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion...

CVSS 7.5 | AI score 7.2 | EPSS 0.33133
Exploits: 1 | References: 5
Nuclei
added yesterday, 26 views

WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting

WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can...

CVSS 6.1 | AI score 6.4 | EPSS 0.10348
Exploits: 5 | References: 5
Nuclei
added yesterday, 61 views

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks. id: CVE-2021-27520 info: name: FUDForum 3.1.0 - Cross-Site Scriptin...

CVSS 6.1 | AI score 6.2 | EPSS 0.06396
Exploits: 4 | References: 5
Nuclei
added yesterday, 31 views

Directory Management System 1.0 - SQL Injection

Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the...

CVSS 9.8 | AI score 7.4 | EPSS 0.1833
Exploits: 1 | References: 5
Nuclei
added yesterday, 18 views

WordPress Cab fare calculator < 1.0.4 - Local File Inclusion

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. id: CVE-2022-1391 info: name: WordPress Cab fare calculator < 1.0.4 - Local File Inclusion author: Splint3r7...

CVSS 9.8 | AI score 7.3 | EPSS 0.13592
Exploits: 2 | References: 5
Nuclei
added yesterday, 58 views

WordPress WP Courses Plugin Information Disclosure

WordPress WP Courses Plugin 2.0.29 contains a critical information disclosure which exposes private course videos and materials. id: CVE-2020-26876 info: name: WordPress WP Courses Plugin Information Disclosure author: dwisiswant0 severity: high description: WordPress WP Courses Plugin 2.0.29...

CVSS 7.5 | AI score 7.1 | EPSS 0.09199
Exploits: 1 | References: 5
Nuclei
added yesterday, 30 views

IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion

IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. id: CVE-2018-10956 info: name: IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion author: 0xAkoko severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. impact: | An...

CVSS 7.5 | AI score 7.1 | EPSS 0.56318
Exploits: 6 | References: 5
Nuclei
added yesterday, 235 views

Responsive FileManager <9.13.4 - Local File Inclusion

Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajaxcalls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion. id: CVE-2018-15535 info: name: Responsive FileManager...

CVSS 7.5 | AI score 6.7 | EPSS 0.45242
Exploits: 5 | References: 5
Nuclei
added yesterday, 19 views

Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval

A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-2122 info: name: Joomla! Component simpledownload <=0.9.5 -...

CVSS 6.8 | AI score 6 | EPSS 0.11663
Exploits: 1 | References: 5
Nuclei
added yesterday, 26 views

Joomla! Component Magic Updater - Local File Inclusion

A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1307 info: name: Joomla! Component Magic Updater - Local File Inclusion author:...

CVSS 5 | AI score 6 | EPSS 0.10158
Exploits: 2 | References: 5
Nuclei
added yesterday, 87 views

Apache Tomcat - Cross-Site Scripting

Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be prese...

CVSS 6.1 | AI score 6.6 | EPSS 0.45571
Exploits: 3 | References: 5
Nuclei
added yesterday, 31 views

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion

WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter. id: CVE-2018-16283 info: name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion author: 0x240x23elu severity: critical description: WordPress Wechat Broadcast plugin 1.2.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.6307
Exploits: 4 | References: 5
Nuclei
added yesterday, 27 views

AudioCodes 420HD - Remote Code Execution

AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution. id: CVE-2018-10093 info: name: AudioCodes 420HD - Remote Code Execution author: wisnupramoedya severity: high description: | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow...

CVSS 9 | AI score 7.5 | EPSS 0.68683
Exploits: 5 | References: 5
Nuclei
added yesterday, 79 views

SolarView Compact <= 6.00 - Local File Inclusion

SolarView Compact 6.00 and below has an arbitrary file read vulnerability; attackers can bypass authentication to read files through texteditor.php. id: CVE-2023-29919 info: name: SolarView Compact <= 6.00 - Local File Inclusion author: For3stCo1d severity: critical description: | There is ...

CVSS 9.8 | AI score 7.4 | EPSS 0.60221
Exploits: 1 | References: 4
Nuclei
added yesterday, 28 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

CVSS 6.1 | AI score 6.1 | EPSS 0.08142
Exploits: 3 | References: 5
Nuclei
added yesterday, 33 views

CSE Bookstore 1.0 - SQL Injection

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. id: CVE-2020-36112 info: name: CSE Bookstor...

CVSS 9.8 | AI score 7.3 | EPSS 0.17166
Exploits: 1 | References: 5
Nuclei
added yesterday, 47 views

LogonTracer <=1.2.0 - Remote Command Injection

LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer <=1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...

CVSS 10 | AI score 7.6 | EPSS 0.74745
Exploits: 3 | References: 5
Nuclei
added yesterday, 31 views

WordPress GraceMedia Media Player 1.0 - Local File Inclusion

WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter. id: CVE-2019-9618 info: name: WordPress GraceMedia Media Player 1.0 - Local File Inclusion author: daffainfo severity: critical description: WordPress GraceMedia Media Player plugin 1.0 is...

CVSS 9.8 | AI score 7.3 | EPSS 0.40771
Exploits: 5 | References: 5
Nuclei
added yesterday, 21 views

SolarView Compact 6.00 - Local File Inclusion

SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files. id: CVE-2022-29298 info: name: SolarView Compact 6.00 - Local File Inclusion author: ritikchaddha severity: high description: SolarView Compact 6.00 is vulnerable to local file...

CVSS 7.5 | AI score 7.2 | EPSS 0.44543
Exploits: 3 | References: 5
Nuclei
added yesterday, 27 views

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

CVSS 6.4 | AI score 6 | EPSS 0.83632
Exploits: 3 | References: 4