CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2446373 matches found

Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting

The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18491 info: name: Contact Form by BestWebSoft 4.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple X...

6.1CVSS6AI score0.00104EPSS

Exploits1References4

Nuclei•added yesterday•24 views

Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting

The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. id: CVE-2017-18492 info: name: Contact Form to DB by BestWebSoft 1.5.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-to-db plugin before 1.5.7 for WordPress has multip...

6.1CVSS6AI score0.00104EPSS

Exploits1References4

Nuclei•added yesterday•21 views

Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting

The realty plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18532 info: name: Realty by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The realty plugin before 1.1.0 for WordPress has multiple XSS issues. impact: | Authenticat...

6.1CVSS6AI score0.00098EPSS

Exploits1References4

Nuclei•added yesterday•29 views

Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting

The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18517 info: name: Pinterest by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues...

6.1CVSS6AI score0.00059EPSS

Exploits1References4

Nuclei•added yesterday•112 views

Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion

A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites comjoomla-visites component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter. id: CVE-2010-2918 info: name: Joomla! Component Visit...

7.5CVSS5.9AI score0.01604EPSS

Exploits1References5

Nuclei•added yesterday•220 views

JetBrains TeamCity > 2023.11.3 - Authentication Bypass

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible id: CVE-2024-23917 info: name: JetBrains TeamCity 2023.11.3 - Authentication Bypass author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before 2023.11.3...

9.8CVSS8.8AI score0.72925EPSS

Exploits0References2

Nuclei•added yesterday•61 views

GeoServer and GeoTools - Remote Code Execution

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS8.6AI score0.94425EPSS

Exploits25References3

Nuclei•added yesterday•42 views

MeteoBridge <= 6.1 - Remote Code Execution

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote...

8.8CVSS8.7AI score0.43919EPSS

Exploits3References3

Nuclei•added yesterday•75 views

Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution

An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. This leads to unauthenticated Remote Code Execution via unsafe userinput in one of the bean validators which is sink for Server-Side Template Injection. id:...

7.5CVSS7.9AI score0.91261EPSS

Exploits8References1

Nuclei•added yesterday•23 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure

A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...

8.7CVSS5.3AI score0.18945EPSS

Exploits1References3

Nuclei•added yesterday•55 views

WordPress Core <=6.2 - Directory Traversal

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. id: CVE-2023-2745 info: name: WordPress Core =6.2 - Directory Traversal author: nqdung2002 severity: medium description: | WordPress Core is vulnerable to Directory Traversal in...

6.1CVSS6.3AI score0.79284EPSS

Exploits7References2

Nuclei•added yesterday•44 views

Stock Ticker <= 3.23.2 - Cross-Site Scripting

The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajaxstocktickerload function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

7.1CVSS7.3AI score0.03667EPSS

Exploits0References5

Nuclei•added yesterday•95 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS8.3AI score0.92062EPSS

Exploits6References5

Nuclei•added yesterday•47 views

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

7.1CVSS7.3AI score0.86433EPSS

Exploits3References5

Nuclei•added yesterday•26 views

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

7.5CVSS7.5AI score0.62334EPSS

Exploits1References3

Nuclei•added yesterday•120 views

Apache Superset - Authentication Bypass

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS8.3AI score0.84026EPSS

Exploits20References5

Nuclei•added yesterday•31 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS5.8AI score0.11478EPSS

Exploits1References5

Nuclei•added yesterday•43 views

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS5.8AI score0.11089EPSS

Exploits2References4

Nuclei•added yesterday•32 views

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...

6.1CVSS6.2AI score0.0225EPSS

Exploits4References5

Nuclei•added yesterday•37 views

mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.7AI score0.20785EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by