Lucene search
K

160994 matches found

Nuclei
Nuclei
added 3 days ago65 views

WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting

WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. id: CVE-2020-17453 info: name: WSO2 Carbon Management...

6.1CVSS6.2AI score0.26118EPSS
Exploits2References5
Nuclei
Nuclei
added 3 days ago126 views

SAP Solution Manager 7.2 - Remote Command Execution

SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...

10CVSS7.8AI score0.98376EPSS
Exploits7References7
Nuclei
Nuclei
added 3 days ago17 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS7.2AI score0.36164EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago92 views

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

10CVSS7.3AI score0.99539EPSS
Exploits22References4
Nuclei
Nuclei
added 3 days ago41 views

QloApps 1.6.0 - SQL Injection

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters datefrom, dateto, and idproduct allows a remote attacker to retrieve the contents of an entire database. id: CVE-2023-36284 info: name: QloApps 1.6.0 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7.2AI score0.03157EPSS
Exploits1References2
Nuclei
Nuclei
added 3 days ago16 views

Joomla! Harmis Messenger 1.2.2 - Local File Inclusion

Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...

7.5CVSS6.6AI score0.1059EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago27 views

WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection XXE. XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit...

9.1CVSS7.3AI score0.26939EPSS
Exploits0References4
Nuclei
Nuclei
added 3 days ago14 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...

8.8CVSS7.3AI score0.10808EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago33 views

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.03465EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago35 views

Nagios XI < 5.11.3 - SQL Injection

SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool. id: CVE-2023-48084 info: name: Nagios XI 5.11.3 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk...

9.8CVSS7.4AI score0.3374EPSS
Exploits2References4
Nuclei
Nuclei
added 3 days ago32 views

XWiki - Open Redirect

XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...

6.1CVSS6.5AI score0.5507EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago67 views

cPanel < 11.109.9999.116 - Cross-Site Scripting

An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. id: CVE-2023-29489 info: name: cPanel 11.109.9999.116 - Cross-Site Scripting author: DhiyaneshDk,0xKayala severity: medium description: | An issue was...

6.1CVSS6.7AI score0.65533EPSS
Exploits7References5
Nuclei
Nuclei
added 3 days ago35 views

Autonomy Ultraseek - Open Redirect

Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...

5.8CVSS6AI score0.10257EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago40 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7.2AI score0.24257EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago220 views

Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

9.8CVSS7.8AI score0.50224EPSS
Exploits7References5
Nuclei
Nuclei
added 3 days ago51 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS6.1AI score0.37099EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago51 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.7AI score0.37611EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago33 views

MetInfo 7.0.0 beta - SQL Injection

MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter a different issue than CVE-2019-16997. id: CVE-2019-17418 info: name: MetInfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description: | MetInfo...

7.2CVSS7.1AI score0.49398EPSS
Exploits2References5
Nuclei
Nuclei
added 3 days ago146 views

Simple Employee Records System 1.0 - Unrestricted File Upload

Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution. id: CVE-2019-20183 info: name: Simple Employee Record...

7.2CVSS7.3AI score0.06716EPSS
Exploits2References5
Nuclei
Nuclei
added 3 days ago24 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.29451EPSS
Exploits2References5
Rows per page
Query Builder