Lucene search
K

124077 matches found

Nuclei
Nuclei
added 13 hours ago69 views

WordPress WP Security Audit Log 3.1.1 - Information Disclosure

WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-8719 info: name:...

5.3CVSS6.2AI score0.15782EPSS
Exploits6References5
Nuclei
Nuclei
added 13 hours ago45 views

WordPress EasyCart <2.0.6 - Information Disclosure

WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. id: CVE-2014-4942 info: name: WordPress EasyCart 2.0.6 - Information Disclosur...

5CVSS6AI score0.0437EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago39 views

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

7.5CVSS7.2AI score0.08348EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago29 views

WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure

WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.2AI score0.05482EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago39 views

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the livemfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. id:...

7.5CVSS6.8AI score0.07142EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago18 views

Reprise License Manager 14.2 - Information Disclosure

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture and file/directory...

5.3CVSS6.2AI score0.08359EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago38 views

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in livecheck.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...

7.5CVSS6.9AI score0.08364EPSS
Exploits2References3
Nuclei
Nuclei
added 13 hours ago48 views

WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure

WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. id: CVE-2022-2373 info: name: WordPress Simply Schedu...

5.3CVSS6.1AI score0.01424EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago49 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. id: CVE-2022-25486 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file...

7.8CVSS7AI score0.09966EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago22 views

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

5.3CVSS6.2AI score0.13372EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago26 views

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

7.5CVSS7AI score0.02801EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago216 views

ThinkPHP 5.0.24 - Information Disclosure

ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing...

7.5CVSS7AI score0.04748EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago28 views

DVDFab 12 Player/PlayerFab - Local File Inclusion

DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player recently renamed PlayerFab has read-access. id: CVE-2022-25216 info: name: DVDFab 12 Player/PlayerFa...

7.8CVSS7.1AI score0.13835EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago41 views

Microweber <1.1.20 - Information Disclosure

Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...

7.5CVSS7.1AI score0.13722EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago97 views

Axigen WebMail - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. id:...

5.4CVSS6.5AI score0.0109EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago46 views

Edito CMS - Sensitive Data Leak

Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user. id: CVE-2024-4836 info: name: Edito CMS - Sensitive Data Leak author: s4e-io severity: high description: | Web...

7.5CVSS5.9AI score0.02629EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago45 views

CData Arc < 23.4.8839 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...

9.8CVSS7.2AI score0.08151EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago64 views

D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure

D-LINK DIR-845L DEVICE.ACCOUNT" - "" condition: and - type: status status: - 200 digest: 490a00463044022078c76c76f0d41036162365eda896e8dc3454c16f43fe113395f6b36849fbe395022...

5.3CVSS5.9AI score0.03419EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago31 views

rConfig <3.9.4 - Sensitive Information Disclosure

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...

7.5CVSS7.1AI score0.16671EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago27 views

WordPress wpCentral <1.5.1 - Information Disclosure

WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-9043 info: name: WordPress...

9CVSS7.2AI score0.08173EPSS
Exploits2References5
Rows per page
Query Builder