Lucene search
+L

524874 matches found

Nuclei
Nuclei
added yesterday46 views

Dairy Farm Shop Management System 1.0 - SQL Injection

Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context ...

9.8CVSS8.8AI score0.19478EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday74 views

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...

9.8CVSS8.4AI score0.18994EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday81 views

Flyte Console <0.52.0 - Server-Side Request Forgery

FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or...

9.1CVSS7.3AI score0.1029EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday28 views

WordPress <= 6.2 - Server Side Request Forgery

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. id: CVE-2022-3590 info: name: WordPress = 6.2 - Server Side...

5.9CVSS5.9AI score0.0315EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday53 views

Cuppa CMS v1.0 - SQL injection

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. id: CVE-2022-27985 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection...

9.8CVSS8.7AI score0.06598EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday74 views

School Dormitory Management System 1.0 - SQL Injection

School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...

9.8CVSS8.8AI score0.09621EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday70 views

WordPress White Label CMS <2.2.9 - Cross-Site Scripting

WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcmslogincustomjs parameter before outputting it back in the response while previewing. id: CVE-2022-0422 info: name: WordPress White Label CMS 2.2.9 -...

6.1CVSS5.8AI score0.0812EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday44 views

Contao <4.13.3 - Cross-Site Scripting

Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. id: CVE-2022-24899 info: name: Contao 4.13.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Contao prior to 4.13.3 contains...

7.2CVSS6.5AI score0.04396EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday68 views

Microweber <1.3.2 - Cross-Site Scripting

Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2. id: CVE-2022-3242 info: name: Microweber 1.3.2 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Code Injection in on search.php?keywords= GitHub repository microweber/microweber...

6.1CVSS5.1AI score0.01383EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday91 views

WordPress Visitor Statistics <=5.7 - SQL Injection

WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33965 info:...

9.8CVSS8.9AI score0.03413EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday108 views

LISTSERV 17 - Cross-Site Scripting

LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the "c" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2022-39195 info: name:...

6.1CVSS6.1AI score0.06314EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday75 views

WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request id: CVE-2022-1595 info: name: WordPress HC Custom WP-Admin URL =1.5 to mitigate the vulnerability. reference: -...

5.3CVSS5.6AI score0.02621EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday30 views

Helmet Store Showroom - Cross Site Scripting

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. id: CVE-2022-46073 info: name: Helmet Store Showroom - Cross Site Scripting author: Harsh severity: medium description: | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. impact: | Successful exploitation of...

6.1CVSS6AI score0.01235EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday155 views

WordPress Sitemap by click5 <1.0.36 - Missing Authorization

WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain...

8.8CVSS7.9AI score0.13329EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday74 views

Formcraft3 <3.8.28 - Server-Side Request Forgery

Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...

9.1CVSS8.3AI score0.20249EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday106 views

MCMS 5.2.4 - SQL Injection

MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-25125 info: name: MCMS...

9.8CVSS8.8AI score0.06981EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday66 views

pfSense pfBlockerNG - OS Command Injection

pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. id: CVE-2022-40624 info: name: pfSense pfBlockerNG - OS Command Injection author: ritikchaddha severity: critical description: | pfSense pfBlockerNG through 2.1.427 allow...

9.8CVSS9AI score0.17107EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday77 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-35151 info: name: kkFileView 4.1.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.1.0...

6.1CVSS5.8AI score0.01151EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday49 views

Online Birth Certificate System 1.2 - Stored Cross-Site Scripting

Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters. id: CVE-2022-29005 info:...

6.1CVSS6.2AI score0.0212EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday35 views

WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting

WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

6.1CVSS6AI score0.01601EPSS
Exploits2References5
Rows per page
Query Builder