Lucene search
K

11248 matches found

Nuclei
Nuclei
added 8 hours ago162 views

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

9CVSS7.2AI score0.99977EPSS
Exploits40References5
Nuclei
Nuclei
added 8 hours ago30 views

Chaosblade < 1.7.4 - Remote Code Execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...

8.6CVSS6.2AI score0.01669EPSS
Exploits0References4
Nuclei
Nuclei
added 8 hours ago49 views

Qualitor <= 8.20 - Remote Code Execution

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. id: CVE-2023-47253 info: name: Qualitor = 8.20 - Remote Code Execution author: s4e-io severity: critical description: |...

9.8CVSS7.3AI score0.14422EPSS
Exploits4References3
Nuclei
Nuclei
added 8 hours ago138 views

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...

9.8CVSS7.2AI score0.03817EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago17 views

Blink Router - Command Injection

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function. id: CVE-2025-45985 info: name: Blin...

9.8CVSS7AI score0.07116EPSS
Exploits1References1
Nuclei
Nuclei
added 8 hours ago112 views

Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute code on t...

8.3CVSS7.3AI score0.12491EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago118 views

WP Query Console <= 1.0 - Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0. id: CVE-2024-50498 info: name: WP Query Console = 1.0 - Remote Code Execution author: s4e-io severity: critical...

10CVSS7.2AI score0.5364EPSS
Exploits4References4
Nuclei
Nuclei
added 8 hours ago70 views

AVTECH IP Camera - Command Injection

The endpoint /cgi-bin/supervisor/Factory.cgi is vulnerable to command injection via the action parameter, allowing remote code execution. id: CVE-2024-7029 info: name: AVTECH IP Camera - Command Injection author: DhiyaneshDK severity: high description: | The endpoint /cgi-bin/supervisor/Factory.c...

9.8CVSS7.3AI score0.38998EPSS
Exploits5References6
Nuclei
Nuclei
added 8 hours ago159 views

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS7.5AI score0.43683EPSS
Exploits5References4
Nuclei
Nuclei
added 8 hours ago191 views

pyload-ng js2py - Remote Code Execution

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. id: CVE-2024-28397 info: name: pyload-ng js2py - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: medium description: | An issue in the...

5.3CVSS6.9AI score0.04548EPSS
Exploits22References2
Nuclei
Nuclei
added 8 hours ago25 views

SRS - Command Injection

SRS's v5.0.137v5.0.156, v6.0.18v6.0.47 api-server server is vulnerable to a drive-by command injection. id: CVE-2023-34105 info: name: SRS - Command Injection author: iamnoooob,rootxharsh,pdresearch severity: high description: | SRS's v5.0.137v5.0.156, v6.0.18v6.0.47 api-server server is vulnerab...

7.5CVSS7AI score0.0876EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago127 views

OPNsense - Cross-Site Scripting to RCE

There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php. id: CVE-2023-39007 info: name: OPNsense - Cross-Site Scripting to RCE author: ritikchaddha...

9.6CVSS7AI score0.02315EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago76 views

SpiderFlow Crawler Platform - Remote Code Execution

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack...

9.8CVSS6.3AI score0.19403EPSS
Exploits4References5
Nuclei
Nuclei
added 8 hours ago183 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

9.8CVSS7.2AI score0.39294EPSS
Exploits2References1
Nuclei
Nuclei
added 8 hours ago221 views

Cuppa CMS v1.0 - Arbitrary File Upload

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...

9.8CVSS7.1AI score0.03893EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago52 views

Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation

Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...

9.8CVSS6.1AI score0.40739EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago77 views

WordPress User Post Gallery <=2.19 - Remote Code Execution

WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a...

9.8CVSS7.2AI score0.42723EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago264 views

CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution RCE. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in...

10CVSS7AI score0.92918EPSS
Exploits10References5
Nuclei
Nuclei
added 8 hours ago99 views

LyLme-Spage - Arbitary File Upload

An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk severity: high description: | An arbitrary...

9.8CVSS6.3AI score0.04675EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago101 views

F5 BIG-IP - Unauthenticated RCE via AJP Smuggling

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution RCE. The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass...

9.8CVSS7.6AI score0.96515EPSS
Exploits17References5
Rows per page
Query Builder