Lucene search
+L

139 matches found

Nuclei
Nuclei
added 18 hours ago18 views

ArForms < 6.6 - Remote Code Execution

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...

9.8CVSS5.5AI score0.03345EPSS
Exploits2References1
Nuclei
Nuclei
added 18 hours ago86 views

SOPlanning - Remote Code Execution

Detects a remote code execution vulnerability in SOPlanning version 1.52.01 through authenticated PHP file upload. id: CVE-2024-27115 info: name: SOPlanning - Remote Code Execution author: [email protected] severity: high description: | Detects a remote code execution vulnerability in SOPlanni...

10CVSS6.4AI score0.0459EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago56 views

Nexus Repository 2 - Remote Code Execution

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. id: CVE-2024-5082 info: name: Nexus Repository 2 - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: hi...

7.1CVSS7.3AI score0.01956EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago37 views

Mlflow < 2.9.2 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.4AI score0.02718EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago254 views

Apache Airflow - Unauthenticated Variable Import

Apache Airflow Airflow =2.0.0 and =2.0.0 and 2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution...

9.8CVSS8.7AI score0.80938EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago128 views

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

9.8CVSS9AI score0.60113EPSS
Exploits9References5
Nuclei
Nuclei
added 18 hours ago67 views

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. id: CVE-2021-46424 info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete author: gy741 severity:...

9.4CVSS8.5AI score0.36459EPSS
Exploits3References5
Nuclei
Nuclei
added 18 hours ago62 views

Maian Cart <=3.8 - Remote Code Execution

Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerability. id: CVE-2021-32172 info: name: Maian Cart =3.8 to mitigate this vulnerability. reference: - https://dreyand.github.io/maian-cart-rce/ - https://github.com/DreyAnd/maian-cart-rce -...

9.8CVSS9.2AI score0.66433EPSS
Exploits4References5
Nuclei
Nuclei
added 18 hours ago61 views

WebTareas 2.4p5 - SQL Injection

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. id: CVE-2022-44291 info: name: WebTareas 2.4p5 - SQL Injection author: theamanrawat severity: critical description: | webTareas 2.4p5 was discovered to contain a SQL injection...

9.8CVSS8.7AI score0.03616EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago109 views

WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload

WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the...

9.8CVSS9AI score0.4214EPSS
Exploits3References6
Nuclei
Nuclei
added 18 hours ago28 views

Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting

WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page. id: CVE-2021-24495 info: name: Wordpress Marmoset Viewer 1.9.3 - Cross-Site Scripting author:...

6.1CVSS5.8AI score0.03343EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago91 views

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

7.1CVSS6.9AI score0.0243EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago25 views

SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting

SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters. id: CVE-2021-31537 info: name: SIS Informatik REWE ...

6.1CVSS5.8AI score0.07781EPSS
Exploits3References5
Nuclei
Nuclei
added 18 hours ago93 views

WordPress Imagements <=1.2.5 - Arbitrary File Upload

WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by...

9.8CVSS9.1AI score0.0714EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago111 views

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks. id: CVE-2021-27520 info: name: FUDForum 3.1.0 - Cross-Site Scriptin...

6.1CVSS5.9AI score0.06396EPSS
Exploits4References5
Nuclei
Nuclei
added 18 hours ago164 views

KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

9CVSS7.9AI score0.09919EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago48 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. id: CVE-2022-25497 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: medium description: | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...

5.3CVSS5.8AI score0.03642EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago42 views

Flatpress < v1.2.1 - Cross Site Scripting

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the page parameter at /flatpress/admin.php. id: CVE-2022-40047 info: name: Flatpress v1.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Flatpress v1.2.1 was discovered to...

5.4CVSS5.3AI score0.01132EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago111 views

Harbor <=1.82.0 - Privilege Escalation

Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. id: CVE-2019-16097...

6.5CVSS5.8AI score0.23284EPSS
Exploits5References5
Nuclei
Nuclei
added 18 hours ago103 views

WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting

WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page. id: CVE-2021-24316 info: name: WordPress Mediumish Theme =1.0.47 -...

6.1CVSS5.8AI score0.06442EPSS
Exploits2References5
Rows per page
Query Builder