Lucene search
K

698809 matches found

Nuclei
Nuclei
added 8 hours ago69 views

RaspAP <=2.6.5 - Remote Command Injection

RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";". id: CVE-2021-33357 info: name: RaspAP =2.6.5 - Remote Command Injection...

9.8CVSS7.4AI score0.17905EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago51 views

Cisco Unified IP Conference Station 7937G - Denial-of-Service

Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned...

7.8CVSS7AI score0.7977EPSS
Exploits5References5
Nuclei
Nuclei
added 8 hours ago615 views

Debug Endpoint pprof - Exposure Detection

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...

8.2CVSS6.7AI score0.61139EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago51 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

9.4CVSS6AI score0.39797EPSS
Exploits6References5
Nuclei
Nuclei
added 8 hours ago67 views

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

6.1CVSS6.6AI score0.10692EPSS
Exploits4References3
Nuclei
Nuclei
added 8 hours ago43 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS7.2AI score0.13117EPSS
Exploits6References1
Nuclei
Nuclei
added 8 hours ago47 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.3AI score0.01937EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago20 views

Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS

Adminer = 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges. id: CVE-2026-25892 info: name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent Do...

7.5CVSS6AI score0.01586EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago28 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

6.1CVSS6.5AI score0.03939EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago87 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS6AI score0.06643EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago45 views

DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

8.6CVSS7.3AI score0.29345EPSS
Exploits1References2
Circl
Circl
added 10 hours ago4 views

CVE-2026-49753

creationtimestamp| type| source ---|---|--- 2026-07-10 00:35:19+00:00| published-proof-of-concept| https://github.com/elixir-mint/mint/security/advisories/GHSA-mjqx-c6f6-7rc2 2026-07-10 03:41:59+00:00| seen| https://gist.github.com/alon710/bc442ee88dc103da228f4212da5b648e...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References2
Circl
Circl
added 10 hours ago4 views

CVE-2026-49754

creationtimestamp| type| source ---|---|--- 2026-07-10 00:35:16+00:00| published-proof-of-concept| https://github.com/elixir-mint/mint/security/advisories/GHSA-2p26-p43x-fhp8 2026-07-10 03:12:07+00:00| seen| https://gist.github.com/alon710/e074ac5405ee20f6dd8bded11414265c...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42711

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...

8.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42708

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42706

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS6AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42709

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device initiates a TCP...

8.2CVSS6AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-42718

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42719

A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...

8.2CVSS6AI score
Exploits0References2
Rows per page
Query Builder