Lucene search
K

259870 matches found

BDU FSTEC
BDU FSTEC
added 1 hour ago27 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-61443 PraisonAI before 1.6.78 Remote Code Execution via SkillTools

PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.runskillscript that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended...

8.6CVSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago49 views

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

6.1CVSS6.8AI score0.02205EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago40 views

SDT-CW3B1 1.1.0 - OS Command Injection

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. id: CVE-2021-46422 info: name: SDT-CW3B1 1.1.0 - OS Command Injection author: badboycxcc,prajiteshsingh severity: critical description: ...

10CVSS7.1AI score0.94629EPSS
Exploits20References5
Nuclei
Nuclei
added 8 hours ago45 views

Atmail 6.5.0 - Cross-Site Scripting

Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. id: CVE-2021-43574 info: name: Atmail 6.5.0 - Cross-Site Scripting...

6.1CVSS6.5AI score0.02422EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago220 views

Studio-42 elFinder <2.1.60 - Arbitrary File Upload

Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code. id: CVE-2021-43421 info: name: Studio-42 elFinder 2.1.60 - Arbitrary File Upload author: akincibor severity:...

9.8CVSS7.2AI score0.42781EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago50 views

AlquistManager Local File Inclusion

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id...

7.5CVSS7.1AI score0.09052EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago49 views

Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 4.0.0 contains an unrestricted file upload vulnerability caused by lack of authentication and validation in the upload endpoint, letting unauthenticated attackers upload arbitrary files including PHP, enabling remote code execution or malware hosting. id:...

9.8CVSS6.5AI score0.04591EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago17 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.4AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added 8 hours ago13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.2AI score0.03464EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago8 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References4
Nuclei
Nuclei
added 8 hours ago16 views

WordPress Kali Forms <= 2.4.9 - Remote Code Execution

Kali Forms WordPress plugin = 2.4.9 contains a remote code execution caused by unsafe user input handling in 'formprocess' and 'preparepostdata' functions, letting unauthenticated attackers execute code on the server, exploit requires no authentication. id: CVE-2026-3584 info: name: WordPress Kal...

9.8CVSS6.5AI score0.07239EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago35 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS6.1AI score0.43192EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago19 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

9.8CVSS7.2AI score0.08517EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago33 views

Oracle Identity Manager REST WebServices - Authentication Bypass

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

9.8CVSS7.1AI score0.88312EPSS
Exploits1
Nuclei
Nuclei
added 8 hours ago9 views

Letta Letta 0.7.12 - Remote Code Execution

Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.restapi.routers.v1.tools.runtoolfromsource, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code. id: CVE-2025-51482 info: name: Letta Letta 0.7.12 - Remote Code...

8.8CVSS6.6AI score0.01862EPSS
Exploits2References4
Nuclei
Nuclei
added 8 hours ago45 views

Mongoose < 8.8.3 - Remote Code Execution

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. id: CVE-2024-53900 info: name: Mongoose 8.8.3 - Remote Code Execution author: h4mg severity: critical description: | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. impact...

9.1CVSS7.1AI score0.03988EPSS
Exploits3References5
Nuclei
Nuclei
added 8 hours ago63 views

JSONPath Plus < 10.3.0 - Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8CVSS7.2AI score0.10224EPSS
Exploits8References5
Rows per page
Query Builder