Lucene search
+L

156690 matches found

ibm
ibm
added yesterday4 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2026-10842)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability with the appSecurity-1.0, appSecurity-2.0 , appSecurity-3.0 or appSecurity-4.0 feature enabled. Vulnerability Details CVEID:CVE-2026-10842 DESCRIPTION: IBM WebSphere...

6.1AI score
Exploits0Affected Software1
nuclei
nuclei
added yesterday91 views

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

7.1CVSS6.8AI score0.0243EPSS
Exploits1References4
nuclei
nuclei
added yesterday73 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.5AI score0.01278EPSS
Exploits1References5
nuclei
nuclei
added yesterday131 views

GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...

9.1CVSS7AI score0.52658EPSS
Exploits2References5
nuclei
nuclei
added yesterday61 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS7.1AI score0.4408EPSS
Exploits2
nuclei
nuclei
added yesterday502 views

Gogs <0.12.6 - Remote Command Execution

Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id...

9.9CVSS7.2AI score0.65237EPSS
Exploits1References5
nuclei
nuclei
added yesterday82 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.5AI score0.01131EPSS
Exploits1References5
nuclei
nuclei
added yesterday71 views

WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read

WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...

8.6CVSS6.2AI score0.01844EPSS
Exploits0References2
nuclei
nuclei
added yesterday78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
nuclei
nuclei
added yesterday87 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.1AI score0.50734EPSS
Exploits4References4
nuclei
nuclei
added yesterday51 views

Loytec LGATE-902 <6.4.2 - Local File Inclusion

Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. id: CVE-2018-14916 info: name: Loytec LGATE-902 6.4.2 - Local File Inclusion author: 0xAkoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion...

9.4CVSS7AI score0.17195EPSS
Exploits3References5
nuclei
nuclei
added yesterday47 views

Joomla! Component JotLoader 2.2.1 - Local File Inclusion

A directory traversal vulnerability in the JotLoader comjotloader component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File...

6.8CVSS6.2AI score0.08571EPSS
Exploits2References5
nuclei
nuclei
added yesterday620 views

Debug Endpoint pprof - Exposure Detection

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...

8.2CVSS6.7AI score0.61139EPSS
Exploits0References5
nuclei
nuclei
added yesterday47 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

7.8CVSS7AI score0.17982EPSS
Exploits3
nuclei
nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
nuclei
nuclei
added yesterday65 views

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

7.5CVSS7.1AI score0.50038EPSS
Exploits1References5
nuclei
nuclei
added yesterday49 views

XWiki < 4.10.15 - Email Disclosure

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...

5.3CVSS6.2AI score0.59119EPSS
Exploits0References2
nuclei
nuclei
added yesterday44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS6.1AI score0.00669EPSS
Exploits0References3
nuclei
nuclei
added yesterday24 views

WP Content Copy Protection & No Right Click - Open Redirect

The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...

6.1CVSS6.1AI score0.00473EPSS
Exploits1References2
nuclei
nuclei
added yesterday107 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Rows per page
Query Builder