Lucene search
K

2466928 matches found

Nuclei
Nuclei
added 3 days ago26 views

Centos Web Panel 0.9.8.480 - Local File Inclusion

Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...

7.5CVSS7.5AI score0.70736EPSS
Exploits2References5
Nuclei
Nuclei
added 3 days ago36 views

Cobub Razor 0.8.0 - Information Disclosure

Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.ph...

5.3CVSS6.1AI score0.60586EPSS
Exploits5References5
Nuclei
Nuclei
added 3 days ago98 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7.4AI score0.59552EPSS
Exploits6References4
Nuclei
Nuclei
added 3 days ago40 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.4AI score0.50734EPSS
Exploits4References4
Nuclei
Nuclei
added 3 days ago34 views

OPNsense <=20.1.5 - Open Redirect

OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

6.1CVSS6.3AI score0.02689EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago20 views

WordPress 15Zine <3.3.0 - Cross-Site Scripting

WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cbsa AJAX action. id: CVE-2020-36510 info: name: WordPress 15Zine 3.3.0 - Cross-Site Scripting author: veshraj...

6.1CVSS6.2AI score0.02602EPSS
Exploits2References3
Nuclei
Nuclei
added 3 days ago25 views

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

9CVSS7.4AI score0.67289EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago33 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago16 views

Fortinet FortiWeb - SQL Injection

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. id: CVE-2025-25257 info: name: Fortinet FortiWeb - SQL...

9.8CVSS7.8AI score0.9671EPSS
Exploits18References2
Nuclei
Nuclei
added 3 days ago48 views

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

7.7CVSS6.9AI score0.82238EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago44 views

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit...

5.3CVSS6.2AI score0.45241EPSS
Exploits3References5
Nuclei
Nuclei
added 3 days ago16 views

Dell UnityVSA < 5.5 - Remote Command Injection

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. id: CVE-2025-36604 info: name: Dell UnityVSA 5.5 - Remote Command Injection author: DhiyaneshDK,watchtowr severity: critical description: | Dell...

9.8CVSS6.1AI score0.61923EPSS
Exploits1References3
Nuclei
Nuclei
added 3 days ago20 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.2AI score0.34677EPSS
Exploits7References3
Nuclei
Nuclei
added 3 days ago1406 views

Pterodactyl Panel - Remote Code Execution

Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. id: CVE-2025-49132 info: name: Pterodactyl Panel - Remote Code Execution...

10CVSS7.6AI score0.13105EPSS
Exploits28References3
Nuclei
Nuclei
added 3 days ago18 views

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. id: CVE-2025-2775 info: name: SysAid On-Prem = 23.3.40 - XML External Entity...

9.3CVSS7.6AI score0.55177EPSS
Exploits1References2
Nuclei
Nuclei
added 3 days ago6 views

WordPress Madara Theme < 2.2.2.1 - Local File Inclusion

Madara WordPress theme = 2.2.2 contains a local file inclusion vulnerability caused by improper sanitization of the 'template' parameter, letting unauthenticated attackers execute arbitrary files on the server, exploit requires crafted request. id: CVE-2025-4524 info: name: WordPress Madara Theme...

9.8CVSS7.5AI score0.09094EPSS
Exploits5References4
Nuclei
Nuclei
added 3 days ago46 views

Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component. id: CVE-2025-29085 info: name: Vipshop Saturn Console = 3.5.1 - SQL Injection via ClusterKey Component author:...

9.8CVSS6.2AI score0.29125EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago19 views

CLink Office 2.0 - Cross-Site Scripting

CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter. id: CVE-2020-6171 info: name: CLink Office 2.0 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.4AI score0.04798EPSS
Exploits1References4
Nuclei
Nuclei
added 3 days ago12 views

RosarioSIS 6.7.2 - Cross-Site Scripting

RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...

6.1CVSS6.4AI score0.06325EPSS
Exploits2
Nuclei
Nuclei
added 3 days ago49 views

74cms - ajax_street.php 'key' SQL Injection

SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php. id: CVE-2020-22211 info: name: 74cms - ajaxstreet.php 'key' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php. impact: | Successf...

9.8CVSS7AI score0.0794EPSS
Exploits1References3
Rows per page
Query Builder