Lucene search
K

954674 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-46463

Dell PowerProtect Data Domain vulnerabilities (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contain an integer overflow/wraparound issue. An unauthenticated, remote attacker could potentially exploit this vulnerability to cause a denial of ...

6.5CVSS6AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41547

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker...

6.5CVSS6AI score0.00243EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago44 views

FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core. id: CVE-2020-9548 info: name: FasterXML Jackson Databind =2.9.10.4 - Remote Code Execution author: tomaquet18...

9.8CVSS7.1AI score0.18345EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago326 views

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote cod...

9.8CVSS7.9AI score0.85785EPSS
Exploits8References5
Nuclei
Nuclei
added 2 days ago152 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.2AI score0.32895EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago26 views

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS6.1AI score0.2195EPSS
Exploits6References5
Nuclei
Nuclei
added 2 days ago40 views

D-Link Routers - Remote Command Injection

D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...

9CVSS7.6AI score0.78191EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago45 views

CouchCMS <= 2.0 - Path Disclosure

CouchCMS = 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. id: CVE-2018-7662 info: name: CouchCMS = 2.0 - Path Disclosure author: ritikchaddha severity: medium description: CouchCMS = 2.0 allows...

5.3CVSS6.2AI score0.43515EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago14 views

Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

9.8CVSS7.2AI score0.35564EPSS
Exploits2References4
Nuclei
Nuclei
added 2 days ago74 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.3AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago57 views

Apache Solr DataImportHandler <8.2.0 - Remote Code Execution

Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug...

9CVSS7.7AI score0.83547EPSS
Exploits3References5
Nuclei
Nuclei
added 2 days ago20 views

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

9.8CVSS7.8AI score0.82966EPSS
Exploits8References1
Nuclei
Nuclei
added 2 days ago164 views

Prestashop AttributeWizardPro Module - Arbitrary File Upload

In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file. id: CVE-2018-10942 info: name: Prestashop AttributeWizardPro Module - Arbitrary File Upload author: MaStErChO severity: critical description: | In the Attribute Wizard add...

9.8CVSS7.6AI score0.12744EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago31 views

Joomla! Component Jstore - 'Controller' Local File Inclusion

A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...

10CVSS6.1AI score0.11382EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago29 views

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

7.5CVSS6.1AI score0.12991EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago23 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

9.8CVSS8.2AI score0.83857EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago24 views

Joomla! Component Fabrik 2.0 - Local File Inclusion

A directory traversal vulnerability in the Fabrik comfabrik component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1981 info: name: Joomla! Component Fabrik 2.0 - Local File Inclusion author: daffainfo...

6.8CVSS6.1AI score0.11864EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago84 views

GitList < 0.6.0 Remote Code Execution

klaussilveira GitList version = 0.6 contains a passing incorrectly sanitized input via the searchTree function that can result in remote code execution. id: CVE-2018-1000533 info: name: GitList 0.6.0 Remote Code Execution author: pikpikcu severity: critical description: klaussilveira GitList...

9.8CVSS7.5AI score0.72967EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago70 views

Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. id: CVE-2018-20824 info: name: Atlassian Jira WallboardServlet 7.13.1 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.37577EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago32 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution caused by unauthenticated access via T3, IIOP, letting attackers take over the server, exploit requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...

9.8CVSS7.7AI score0.0837EPSS
Exploits1References2
Rows per page
Query Builder