Lucene search
+L

2049 matches found

Nuclei
Nuclei
added 9 hours ago124 views

Fastjson Insecure Deserialization - Remote Code Execution

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi-// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS9.1AI score0.3897EPSS
Exploits2References6
Nuclei
Nuclei
added 9 hours ago30 views

XWiki - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. id: CVE-2023-35155 info: name: XWiki - Cross-Site Scripting author: ritikchaddha severity: medium...

8.8CVSS7AI score0.01496EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago84 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS5.9AI score0.1052EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago51 views

Joomla! Component Arcade Games 1.0 - Local File Inclusion

A directory traversal vulnerability in the Arcade Games comarcadegames component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion autho...

5CVSS5.6AI score0.18703EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago64 views

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS5.1AI score0.06232EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago73 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1CVSS5.9AI score0.08142EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago171 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS8.4AI score0.35228EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago51 views

VelotiSmart Wifi - Directory Traversal

VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0xAkoko severity: critical description: VelotiSmart WiFi B-380 camera...

9.8CVSS8.4AI score0.3757EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago86 views

T24 Web Server - Local File Inclusion

T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. id: CVE-2019-14251 info: name: T24 Web Server - Local File Inclusion author: 0xAkoko severity: high description: T24 web server is vulnerable to unauthenticated...

7.5CVSS7.3AI score0.07849EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago37 views

Gogs (Go Git Service) - SQL Injection

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

7.5CVSS6.3AI score0.33391EPSS
Exploits5References6
Nuclei
Nuclei
added 9 hours ago82 views

Horde Groupware Unauthenticated Admin Access

Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...

10CVSS5.3AI score0.07986EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago88 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS5.2AI score0.06643EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago32 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

6.1CVSS6.1AI score0.03939EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago70 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

4.3CVSS5.2AI score0.1404EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago57 views

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

4.3CVSS5.5AI score0.10317EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS5.8AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago187 views

Sharp Multifunction Printers - Directory Listing

It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...

7.5CVSS8.5AI score0.06226EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago73 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6AI score0.01278EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago56 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.4AI score0.10677EPSS
Exploits5References2
Nuclei
Nuclei
added 9 hours ago32 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...

6.1CVSS6.2AI score0.08112EPSS
Exploits5References2
Rows per page
Query Builder