CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

160542 matches found

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7.3AI score0.37606EPSS

Exploits1References4

Nuclei•added 13 hours ago•54 views

Garage Management System 1.0 - SQL Injection

Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input [email protected]' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execut...

9.8CVSS7.4AI score0.03384EPSS

Exploits1References3

Nuclei•added 13 hours ago•46 views

Apache ShenYu Admin JWT - Authentication Bypass

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. id: CVE-2021-37580 info: name: Apache ShenYu Admin JWT - Authentication Bypass author: pdteam severity: critical descriptio...

9.8CVSS7.3AI score0.40058EPSS

Exploits2References5

Nuclei•added 13 hours ago•24 views

Jenzabar 9.2x-9.2.2 - Cross-Site Scripting

Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. id: CVE-2021-26723 info: name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting...

6.1CVSS6.7AI score0.10949EPSS

Exploits3References5

Nuclei•added 13 hours ago•32 views

Cacti - Cross-Site Scripting

Cacti contains a cross-site scripting vulnerability via "http:///authchangepassword.php?ref=alert1" which can successfully execute the JavaScript payload present in the "ref" URL parameter. id: CVE-2021-26247 info: name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium descriptio...

6.1CVSS6.3AI score0.07124EPSS

Exploits0References4

Nuclei•added 13 hours ago•37 views

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

9CVSS7.5AI score0.40617EPSS

Exploits8References5

Nuclei•added 13 hours ago•92 views

Pega Infinity - Authentication Bypass

Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks. id: CVE-2021-27651 info: name: Pega Infinity - Authentication Bypass author: idealphase,daffainf...

9.8CVSS7.2AI score0.53841EPSS

Exploits1References5

Nuclei•added 13 hours ago•39 views

Microweber Information Disclosure

Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0281 info: name: Microweber Information Disclosure author: pikpikcu severity: high description: Microweber contains a...

7.5CVSS7.1AI score0.1201EPSS

Exploits1References5

Nuclei•added 13 hours ago•25 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02829EPSS

Exploits1References5

Nuclei•added 13 hours ago•134 views

Cuppa CMS v1.0 - Arbitrary File Upload

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...

9.8CVSS7.4AI score0.0373EPSS

Exploits1References3

Nuclei•added 13 hours ago•32 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.4AI score0.01113EPSS

Exploits1References5

Nuclei•added 13 hours ago•24 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.29451EPSS

Exploits2References5

Nuclei•added 13 hours ago•335 views

Codoforum 5.1 - Arbitrary File Upload

Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain...

7.2CVSS7.2AI score0.24939EPSS

Exploits4References5

Nuclei•added 13 hours ago•75 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.2AI score0.02582EPSS

Exploits1References5

Nuclei•added 13 hours ago•19 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?carid=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32024 info:...

7.2CVSS7.2AI score0.04522EPSS

Exploits1References2

Nuclei•added 13 hours ago•31 views

ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...

6.1CVSS6.5AI score0.02258EPSS

Exploits0References5

Nuclei•added 13 hours ago•22 views

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

4.3CVSS5.9AI score0.02468EPSS

Exploits1References5

Nuclei•added 13 hours ago•62 views

IceWarp Mail Server - Open Redirect

IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open...

6.1CVSS6.4AI score0.01529EPSS

Exploits0References5

Nuclei•added 13 hours ago•40 views

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

6.1CVSS6.7AI score0.27459EPSS

Exploits1References5

Nuclei•added 13 hours ago•27 views

SysAid 20.4.74 - Cross-Site Scripting

SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter. id: CVE-2021-31862 info: name: SysAid 20.4.74 - Cross-Site Scripting author: jas37 severity: medium description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via...

6.1CVSS6.2AI score0.03922EPSS

Exploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by