Lucene search
K

114869 matches found

GithubExploit
GithubExploit
added yesterday32 views

Exploit for CVE-2026-57517

Control Web Panel 0.9.8.1224 — Blind SQL Injection to Remot...

9.8CVSS6.9AI score0.00587EPSS
Exploits2
Nuclei
Nuclei
added yesterday51 views

Fujitsu IP Series - Hardcoded Credentials

Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...

7.5CVSS6.8AI score0.0299EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday30 views

Rukovoditel <= 3.2.1 - Cross-Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

5.4CVSS6.2AI score0.01049EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday31 views

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

6.1CVSS6.5AI score0.09221EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday88 views

Carel pCOWeb <B1.2.4 - Cross-Site Scripting

Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pwsnmp.html "System contact" field. id: CVE-2019-11370 info: name: Carel pCOWeb B1.2.4 - Cross-Site Scripting author: arafatansari severity: medium description: | Carel pCOWeb prior to B1.2.4 ...

5.4CVSS6AI score0.03977EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday28 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. id: CVE-2018-1000856 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the...

4.8CVSS5.8AI score0.01424EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday34 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.2AI score0.03316EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday32 views

Cuppa CMS v1.0 - Cross Site Scripting

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. id: CVE-2022-38295...

6.1CVSS6.5AI score0.01048EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday61 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.3AI score0.04427EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday28 views

PrestaShop - SQL Injection to Eval Injection

PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...

9.8CVSS7.2AI score0.05071EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday32 views

WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting

WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal...

5.4CVSS6AI score0.00841EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday53 views

IdeaCMS <= 1.7 - SQL Injection

IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability. id: CVE-2025-5569 info: name: IdeaCMS = 1.7 - SQL Injection author: ritikchaddha severity: critical...

8.8CVSS6.6AI score0.01269EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday54 views

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

7.1CVSS7AI score0.38768EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday31 views

Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. id: CVE-2023-0602 info: name: Twittee Text Tweet =...

6.1CVSS6.8AI score0.00852EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday30 views

Casdoor 1.13.0 - Unauthenticated SQL Injection

Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations. id: CVE-2022-24124 info: name: Casdoor 1.13.0 - Unauthenticated SQL Injection...

7.5CVSS7.2AI score0.58927EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday55 views

W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal

WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php. id: CVE-2019-6715 info: name: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal autho...

7.5CVSS7.2AI score0.19396EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday33 views

Rukovoditel <= 3.2.1 - Cross-Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Entities Group feature at/index.php?module=entities/entitiesgroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS6.2AI score0.00906EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday15 views

XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)

XWiki = 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki = 17.3.0 -...

8.8CVSS7.4AI score0.03366EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday30 views

WordPress Meta SEO <= 4.5.2 - Open Redirect

The WP Meta SEO WordPress plugin before 4.5.3 did not authorize several AJAX actions, which allowed low-privilege users to update certain data and resulted in an arbitrary redirect vulnerability. id: CVE-2023-0876 info: name: WordPress Meta SEO = 4.5.2 - Open Redirect author: Khalid6468 severity:...

6.1CVSS6.5AI score0.00713EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday18 views

Jeesns 1.4.2 - Cross-Site Scripting

Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. id: CVE-2020-19295 info: name: Jeesns 1.4.2 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.03509EPSS
Exploits1References4
Rows per page
Query Builder