Lucene search
K

32464 matches found

Nuclei
Nuclei
added 18 hours ago77 views

Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. id: CVE-2021-44138 info: name: Caucho Resin =4.0.52 =4.0.56 - Directory travers...

7.5CVSS7.1AI score0.14115EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago22 views

ComfyUI-Manager < 3.38 - Configuration Overwrite

ComfyUI-Manager 3.38 contains an insecure file storage vulnerability caused by storing files in an insufficiently protected location accessible via the web interface, letting remote attackers manipulate configuration and critical data, exploit requires web access. id: CVE-2025-67303 info: name:...

7.5CVSS7.2AI score0.01361EPSS
Exploits3References3
Nuclei
Nuclei
added 18 hours ago112 views

CAREL Boss Mini <= 1.4.0 - Local File Inclusion

Boss Mini 1.4.0 Build 6221 contains a file inclusion caused by manipulation of the 'path' argument in boss/servlet/document, letting remote attackers include arbitrary files, exploit requires remote access. id: CVE-2023-3643 info: name: CAREL Boss Mini = 1.4.0 - Local File Inclusion author:...

9.8CVSS7AI score0.75206EPSS
Exploits6References4
Nuclei
Nuclei
added 18 hours ago12 views

HP Switch - Authentication Bypass

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...

9.8CVSS6.9AI score0.02641EPSS
Exploits1
Nuclei
Nuclei
added 18 hours ago17 views

Casdoor - Authorization Bypass

Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...

7.5CVSS6.9AI score0.01813EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago18 views

Teleport - Authentication Bypass

Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems. id: CVE-2025-49825 info: name: Teleport - Authentication Bypass author: pdteam severity: critical description: | Teleport...

9.8CVSS6.5AI score0.07754EPSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago43 views

Jinher OA - SQL Injection

jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...

9.8CVSS6.5AI score0.03559EPSS
Exploits2References3
Nuclei
Nuclei
added 18 hours ago15 views

PraisonAI - Authentication Bypass

PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...

7.3CVSS7.1AI score0.26799EPSS
Exploits3References2
Nuclei
Nuclei
added 18 hours ago16 views

Citrix SD-WAN and NetScaler SD-WAN - SQL Injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 contain an SQL injection vulnerability. An unauthenticated attacker can exploit improper validation of input in specific components, which could allow for execution of arbitrary SQL queries against the backend database...

9.8CVSS7.2AI score0.94046EPSS
Exploits5References4
Nuclei
Nuclei
added 18 hours ago42 views

Netis Wifi Router - Information Disclosure

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a...

2.7CVSS6.6AI score0.06356EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago64 views

Flowise <= 1.8.2 Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. id: CVE-2024-8181 info: name: Flowise = 1.8.2 Authentication Bypass author:...

9.8CVSS6.1AI score0.46095EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago32 views

Issabel PBX 4.0.0-6 - Directory Listing

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory id: CVE-2023-37599 info: name: Issabel PBX 4.0.0-6 - Directory Listing author: ritikchaddha severity: high description: | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker...

7.5CVSS7AI score0.03009EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago57 views

Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

6.1CVSS4.4AI score0.01365EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago40 views

Symfony Profiler - Remote Access via Injected Arguments

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3CVSS7AI score0.63422EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago45 views

WAVLINK AC1200 - Information Disclosure

A vulnerability is in the 'livemfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. id: CVE-2021-44260 info: name:...

7.5CVSS7AI score0.07573EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago58 views

Onkyo TX-NR585 Web Interface - Directory Traversal

Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. id: CVE-2020-12447 info: name: Onkyo TX-NR585 Web Interface - Directory Traversal author: 0xAkoko severity: high...

7.5CVSS7AI score0.14071EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago51 views

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

9CVSS7.2AI score0.58742EPSS
Exploits6References5
Nuclei
Nuclei
added 20 hours ago50 views

Socomec DIRIS A-40 Devices Password Disclosure

Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI. id: CVE-2019-15859 info: name: Socomec DIRIS A-40 Devices Password Disclosure author:...

10CVSS7.1AI score0.34113EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago11 views

Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass

IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...

9.3CVSS7.2AI score0.70099EPSS
Exploits5References3
Nuclei
Nuclei
added 20 hours ago54 views

Intel Neural Compressor <2.5.0 - SQL Injection

Improper input validation in some IntelR Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. id: CVE-2024-22476 info: name: Intel Neural Compressor 2.5.0 - SQL Injection author: ritikchaddha severity:...

10CVSS7.2AI score0.33357EPSS
Exploits0References2
Rows per page
Query Builder