CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

160961 matches found

Homematic CCU3 - Local File Inclusion

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. id: CVE-2019-9726 info: name: Homematic CCU3 - Local...

7.5CVSS7.3AI score0.15732EPSS

Exploits1References3

Nuclei•added yesterday•39 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS7AI score0.09743EPSS

Exploits1References3

Nuclei•added yesterday•30 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8CVSS7.4AI score0.17313EPSS

Exploits2References5

Nuclei•added yesterday•61 views

Frigate < 0.13.0 Beta 3 - Cross-Site Scripting

Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...

4.7CVSS5.9AI score0.01425EPSS

Exploits1References3

Nuclei•added yesterday•30 views

PMB v7.4.6 - Cross-Site Scripting

PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...

6.1CVSS6.4AI score0.01169EPSS

Exploits1References3

Nuclei•added yesterday•17 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS7.1AI score0.01713EPSS

Exploits0References2

Nuclei•added yesterday•32 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6AI score0.01027EPSS

Exploits1References3

Nuclei•added yesterday•31 views

ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...

6.1CVSS6.5AI score0.02258EPSS

Exploits0References5

Nuclei•added yesterday•31 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-35151 info: name: kkFileView 4.1.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.1.0...

6.1CVSS6.2AI score0.01151EPSS

Exploits1References5

Nuclei•added yesterday•16 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

5.3CVSS6.3AI score0.20196EPSS

Exploits1References3

Nuclei•added yesterday•19 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?carid=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32024 info:...

7.2CVSS7.2AI score0.04522EPSS

Exploits1References2

Nuclei•added yesterday•50 views

MinIO Browser API - Server-Side Request Forgery

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...

7.7CVSS7.1AI score0.24784EPSS

Exploits0References5

Nuclei•added yesterday•46 views

Apache ShenYu Admin JWT - Authentication Bypass

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. id: CVE-2021-37580 info: name: Apache ShenYu Admin JWT - Authentication Bypass author: pdteam severity: critical descriptio...

9.8CVSS7.3AI score0.40058EPSS

Exploits2References5

Nuclei•added yesterday•27 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS5.8AI score0.08732EPSS

Exploits1References5

Nuclei•added yesterday•36 views

MicroStrategy Library <11.1.3 - Cross-Site Scripting

MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

6.1CVSS6.4AI score0.0454EPSS

Exploits0References5

Nuclei•added yesterday•63 views

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

7.5CVSS7.1AI score0.98507EPSS

Exploits18References5

Nuclei•added yesterday•31 views

Metinfo 7.0.0 beta - SQL Injection

Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter. id: CVE-2019-16996 info: name: Metinfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description:...

7.2CVSS7.1AI score0.12443EPSS

Exploits1References5

Nuclei•added yesterday•137 views

Cuppa CMS v1.0 - Arbitrary File Upload

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...

9.8CVSS7.4AI score0.0373EPSS

Exploits1References3

Nuclei•added yesterday•302 views

SonicWall GMS and Analytics Web Services - Shell Injection

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions id: CVE-2023-34124 info: name: SonicWall GMS and Analytics Web...

9.8CVSS7.2AI score0.40891EPSS

Exploits2References5

Nuclei•added yesterday•22 views

PlaceOS 1.2109.1 - Open Redirection

PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessionscontroller.rb open redirect. id: CVE-2021-41826 info: name: PlaceOS 1.2109.1 - Open Redirection author: geeknik severity: medium description: PlaceOS Authentication Service before 1.29.10.0 allows...

6.1CVSS6.4AI score0.11872EPSS

Exploits3References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by