Lucene search
K

19984 matches found

Nuclei
Nuclei
added 10 hours ago24 views

KLog Server - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.This issue affects KLog Server: before 3.1.1. id: CVE-2025-1035 info: name: KLog Server - Path Traversal author: s4e-io...

5.7CVSS6AI score0.09676EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago23 views

MasterSAM Star Gate v11 - Local File Inclusion

MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information...

6.5CVSS7.3AI score0.03012EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago28 views

ZEROF Web Server 2.0 - SQL Injection

ZEROF Web Server 2.0 allows SQL Injection via the /HandleEvent endpoint. Attackers can exploit this vulnerability by manipulating the request parameters to execute arbitrary SQL queries. id: CVE-2022-25322 info: name: ZEROF Web Server 2.0 - SQL Injection author: daffainfo severity: critical...

9.8CVSS7.5AI score0.0856EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago92 views

WordPress Pie Register <= 3.7.1.4 - Authentication Bypass

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting socialsite=true and manipulating the useridsocialsite parameter,...

10CVSS8AI score0.09903EPSS
Exploits7References3
Nuclei
Nuclei
added 10 hours ago80 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago14 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.5AI score0.03559EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago33 views

Safe Editor Plugin < 1.2 - CSS/JS-injection

The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS. id: CVE-2016-10976 info: name: Safe Editor Plugin 1.2 - CSS/JS-injection author: Splint3r7 severity: medium description: | The safe-editor plugin before 1.2 for WordPress has no sesave authentication...

6.1CVSS6.4AI score0.01506EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago27 views

openSIS v9.0 - Path Traversal

A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths. id: CVE-2023-38879 info: name: openSIS v9.0 -...

7.5CVSS7.3AI score0.03663EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago42 views

NocoDB version <= 0.106.1 - Arbitrary File Read

NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, includi...

7.5CVSS7.2AI score0.08875EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago64 views

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.6AI score0.01784EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago45 views

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.3AI score0.143EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago17 views

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

5.3CVSS6.8AI score0.03644EPSS
Exploits6References4
Nuclei
Nuclei
added 10 hours ago34 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.3AI score0.02884EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago170 views

Netmaker - Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. id: CVE-2023-32077 info: name: Netmaker - Hardcoded DNS Secret Key author: iamnoooob,rootxharsh,pdresearch...

7.5CVSS6.9AI score0.03147EPSS
Exploits0
Nuclei
Nuclei
added 10 hours ago34 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7.1AI score0.04691EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago59 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.3AI score0.16118EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago40 views

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24878 info: name: SupportCandy 2.2.7 - Reflected Cross-Site...

6.1CVSS6.4AI score0.01165EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago98 views

PHPJabbers Callback Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...

6.1CVSS6.4AI score0.01202EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 11 hours ago3 views

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

8.1CVSS6AI score0.00184EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 11 hours ago3 views

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

8.1CVSS6AI score0.00184EPSS
Exploits0References5
Rows per page
Query Builder