CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

160544 matches found

Structurizr on-premises - Cross Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository structurizr/onpremises prior to 3194. id: CVE-2023-5556 info: name: Structurizr on-premises - Cross Site Scripting author: shankaracharya severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository...

6.1CVSS6.1AI score0.01222EPSS

Exploits1References3

Nuclei•added 14 hours ago•60 views

Frigate < 0.13.0 Beta 3 - Cross-Site Scripting

Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...

4.7CVSS5.9AI score0.01425EPSS

Exploits1References3

Nuclei•added 14 hours ago•35 views

Nagios XI < 5.11.3 - SQL Injection

SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool. id: CVE-2023-48084 info: name: Nagios XI 5.11.3 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk...

9.8CVSS7.4AI score0.3374EPSS

Exploits2References4

Nuclei•added 14 hours ago•41 views

QloApps 1.6.0 - SQL Injection

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters datefrom, dateto, and idproduct allows a remote attacker to retrieve the contents of an entire database. id: CVE-2023-36284 info: name: QloApps 1.6.0 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7.2AI score0.03157EPSS

Exploits1References2

Nuclei•added 14 hours ago•41 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.2AI score0.03419EPSS

Exploits1References4

Nuclei•added 14 hours ago•35 views

Magmi 0.7.22 - Cross-Site Scripting

Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...

6.1CVSS6.2AI score0.08173EPSS

Exploits0References5

Nuclei•added 14 hours ago•21 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS5.9AI score0.03331EPSS

Exploits6References5

Nuclei•added 14 hours ago•30 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8CVSS7.4AI score0.17313EPSS

Exploits2References5

Nuclei•added 14 hours ago•214 views

Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

9.8CVSS7.8AI score0.50224EPSS

Exploits7References5

Nuclei•added 14 hours ago•53 views

Opencart Divido - Sql Injection

OpenCart Divido plugin is susceptible to SQL injection id: CVE-2018-11231 info: name: Opencart Divido - Sql Injection author: ritikchaddha severity: high description: | OpenCart Divido plugin is susceptible to SQL injection impact: | This vulnerability can lead to data theft, unauthorized access,...

8.1CVSS7.3AI score0.09054EPSS

Exploits1References4

Nuclei•added 14 hours ago•15 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1CVSS6.2AI score0.09084EPSS

Exploits1References5

Nuclei•added 14 hours ago•25 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...

4.8CVSS5.9AI score0.03316EPSS

Exploits6References4

Nuclei•added 14 hours ago•25 views

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...

6.1CVSS6.2AI score0.0294EPSS

Exploits2References5

Nuclei•added 14 hours ago•27 views

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

5.4CVSS6.5AI score0.04601EPSS

Exploits2References5

Nuclei•added 14 hours ago•26 views

Yaws 1.91 - Local File Inclusion

Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. id: CVE-2017-10974 info: name: Yaws 1.91 - Local File Inclusion author: 0xAkoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. impact: |...

7.5CVSS7.1AI score0.81028EPSS

Exploits5References5

Nuclei•added 14 hours ago•75 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.5AI score0.23566EPSS

Exploits0References5

Nuclei•added 14 hours ago•26 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS5.8AI score0.08732EPSS

Exploits1References5

Nuclei•added 14 hours ago•81 views

EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution

EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...

9.8CVSS7.8AI score0.91874EPSS

Exploits13References5

Nuclei•added 14 hours ago•39 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS7AI score0.09743EPSS

Exploits1References3

Nuclei•added 14 hours ago•31 views

MetInfo 7.0.0 beta - SQL Injection

MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter a different issue than CVE-2019-16997. id: CVE-2019-17418 info: name: MetInfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description: | MetInfo...

7.2CVSS7.1AI score0.49299EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by