Lucene search
+L

59423 matches found

Nuclei
Nuclei
added yesterday75 views

WordPress AcyMailing <7.5.0 - Open Redirect

WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...

6.1CVSS6.2AI score0.01939EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday53 views

Cuppa CMS v1.0 - SQL injection

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. id: CVE-2022-27985 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection...

9.8CVSS8.7AI score0.06598EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday61 views

Cuppa CMS v1.0 - SQL injection

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/tablemanager/ via the searchword parameter. id: CVE-2022-24264 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was discovered to contain...

7.8CVSS7.6AI score0.06711EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday61 views

WebTareas 2.4p5 - SQL Injection

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. id: CVE-2022-44291 info: name: WebTareas 2.4p5 - SQL Injection author: theamanrawat severity: critical description: | webTareas 2.4p5 was discovered to contain a SQL injection...

9.8CVSS8.7AI score0.03616EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday36 views

Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval

A directory traversal vulnerability in the SimpleDownload comsimpledownload component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2122 info: name: Joomla! Component simpledownload =0.9.5 -...

6.8CVSS5.6AI score0.11663EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday33 views

Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion

Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...

7.5CVSS7.2AI score0.36823EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday67 views

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...

9.8CVSS8.9AI score0.57702EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday51 views

Joomla! Component PicSell 1.0 - Arbitrary File Retrieval

A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...

5CVSS5.6AI score0.08523EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday41 views

Joomla! Component com_blog - Directory Traversal

A directory traversal vulnerability in index.php in the MyBlog commyblog component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the task parameter. id: CVE-2010-1540 info: name: Joomla! Component comblog - Directory Traversal author: daffainfo severity:...

5CVSS5.6AI score0.08233EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday202 views

Apache Airflow <1.10.14 - Authentication Bypass

Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session. id: CVE-2020-17526 info: name: Apache Airflow 1.10.14 -...

7.7CVSS7.3AI score0.23336EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday55 views

Joomla! RSfiles <=1.0.2 - Local File Inclusion

Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component comrsfiles. This could allow remote attackers to arbitrarily read files via a .. dot dot in the path parameter in a files.display action. id: CVE-2007-4504 info: name: Joomla! RSfiles...

5CVSS5.3AI score0.09491EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday50 views

Cuppa CMS v1.0 - SQL injection

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menufilter=3 parameter. id: CVE-2022-24265 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was...

7.8CVSS7.6AI score0.06711EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday3 views

Balbooa Forms < 2.4.1 - Unauthenticated Arbitrary File Upload

Joomla Balbooa Forms contains an unrestricted file upload vulnerability caused by lack of authentication checks, letting unauthenticated attackers upload executable files and achieve remote code execution. id: CVE-2026-56291 info: name: Balbooa Forms 2.4.1 - Unauthenticated Arbitrary File Upload...

10CVSS6AI score0.00836EPSS
Exploits6References2
Nuclei
Nuclei
added yesterday43 views

Cuppa CMS v1.0 - Authenticated Local File Inclusion

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...

6.5CVSS6.4AI score0.02646EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday75 views

Cuppa CMS v1.0 - Cross Site Scripting

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. id: CVE-2022-38295...

6.1CVSS6.2AI score0.01072EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday54 views

Cuppa CMS v1.0 - SQL injection

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php. id: CVE-2022-27984 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was...

9.8CVSS8.7AI score0.0678EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday59 views

WebTareas 2.4p5 - SQL Injection

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. id: CVE-2022-44290 info: name: WebTareas 2.4p5 - SQL Injection author: theamanrawat severity: critical description: | webTareas 2.4p5 was discovered to contain a SQL injection...

9.8CVSS8.7AI score0.03616EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday124 views

Simple Task Managing System v1.0 - SQL Injection

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. id:...

9.8CVSS8.8AI score0.20693EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday84 views

Seo By 10Web < 1.2.7 - Cross-Site Scripting

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id:...

4.8CVSS6.3AI score0.00909EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday71 views

Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution

Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an unauthenticated XML entity injection attack that can lead to remote code execution. id: CVE-2022-28219 info: name: Zoho ManageEngine ADAudit Plus 7600 - XML Entity Injection/Remote Code Execution author: dwisiswant0 severity:...

9.8CVSS8.7AI score0.97011EPSS
Exploits6References5
Rows per page
Query Builder