Lucene search
K

62615 matches found

Nuclei
Nuclei
added yesterday39 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

6.1CVSS7AI score0.00571EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday105 views

D-Link DIR-600M - Authentication Bypass

D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...

9.8CVSS7AI score0.67091EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday12 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7AI score0.00568EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday55 views

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure

A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. id: CVE-2024-3274 info: name: D-LINK...

5.3CVSS5.7AI score0.33484EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday45 views

WordPress Simple Link Directory <7.7.2 - SQL injection

WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action, available to unauthenticated and authenticated users. An attacker can...

9.8CVSS7.1AI score0.10825EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday53 views

TP-Link TL-WR840N - Command Injection

The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...

9.8CVSS7AI score0.66934EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.2AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.6AI score0.02574EPSS
Exploits6References4
Nuclei
Nuclei
added yesterday4 views

phpBB < 3.3.17 - Authentication Bypass

phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...

9.8CVSS7AI score0.02865EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday55 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6CVSS6.8AI score0.44101EPSS
Exploits3References5
Circl
Circl
added yesterday5 views

CVE-2026-13756

creationtimestamp| type| source ---|---|--- 2026-07-11 02:37:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqdmydx5vy2w 2026-07-11 04:15:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdsi5svvr2y 2026-07-11 05:01:03+00:00| seen|...

8.8CVSS6.1AI score0.00309EPSS
Exploits0References4
Circl
Circl
added yesterday6 views

CVE-2026-52976

creationtimestamp| type| source ---|---|--- 2026-07-11 01:27:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdj3uwi7n2f...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References1
Circl
Circl
added yesterday4 views

CVE-2025-30008

creationtimestamp| type| source ---|---|--- 2026-07-11 01:10:35+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdi55ozsj2i...

5.1CVSS6.1AI score0.00181EPSS
Exploits0References1
Circl
Circl
added yesterday4 views

CVE-2026-49844

creationtimestamp| type| source ---|---|--- 2026-07-11 00:45:40+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mqdgqliloj24...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-59218

creationtimestamp| type| source ---|---|--- 2026-07-11 00:35:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg6rw2ym2y...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-59217

creationtimestamp| type| source ---|---|--- 2026-07-11 00:34:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg4fw5q22i...

4.3CVSS6.1AI score0.00272EPSS
Exploits1References1
Circl
Circl
added yesterday5 views

CVE-2026-39246

creationtimestamp| type| source ---|---|--- 2026-07-11 00:31:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdfxmi2yn2s...

7.5CVSS6.1AI score0.00485EPSS
Exploits0References1
Circl
Circl
added yesterday3 views

CVE-2026-57475

creationtimestamp| type| source ---|---|--- 2026-07-11 00:26:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdfob4kqy2z...

6.9CVSS6.1AI score0.0034EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday88 views

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

9.8CVSS7.3AI score0.80682EPSS
Exploits4References4
Rows per page
Query Builder