Lucene search
K

272 matches found

Nuclei
Nuclei
added yesterday14 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7.2AI score0.37366EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2022-55985

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.9 views

CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

9.1CVSS6.8AI score0.18607EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.6 views

CVE-2021-33483

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...

5.4CVSS6.2AI score0.00596EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:31 a.m.12 views

CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

4.3CVSS6.8AI score0.0077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.8 views

CVE-2020-10879

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

9.8CVSS7.3AI score0.83862EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.10 views

CVE-2023-29004

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

6.5CVSS6.8AI score0.00902EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.9 views

CVE-2023-25096

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8AI score0.01318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.9 views

CVE-2023-25119

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.01318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.9 views

CVE-2023-25088

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.01318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:43 a.m.10 views

CVE-2022-37337

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7AI score0.02828EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-5464

Malware in sbrugna...

5CVSS6.1AI score0.0349EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-2220

Malware in sbrugna...

6.5CVSS6AI score0.02912EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-5814

Malware in sbrugna...

9.8CVSS8.8AI score0.02337EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19751

Malware in sbrugna...

9.8CVSS6.9AI score0.00866EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-7513

Malware in sbrugna...

9.9CVSS8.5AI score0.00673EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-2315

Malware in sbrugna...

5CVSS6.4AI score0.014EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-3058

Malware in sbrugna...

7.5CVSS6.2AI score0.03101EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2003-1247

Malware in sbrugna...

5CVSS6.4AI score0.01548EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-10464

Malware in sbrugna...

8.8CVSS8.8AI score0.01369EPSS
Exploits0References2
Rows per page
Query Builder