Lucene search
K

257778 matches found

Nuclei
Nuclei
added 16 hours ago167 views

WordPress HTML5 Video Player < 2.5.27 - SQL Injection

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...

6.5CVSS6.1AI score0.02618EPSS
Exploits6References2
Nuclei
Nuclei
added 16 hours ago38 views

XWiki - Open Redirect

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com i.e. omitting the http:. It was also possible to bypass it when using URL...

6.1CVSS6.3AI score0.01756EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago84 views

Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call. id: CVE-2022-34534 info: name: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure author: ritikchaddha severity: high description: | Digital Watchdog DW...

7.5CVSS7AI score0.02102EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago102 views

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

9.8CVSS7.1AI score0.99426EPSS
Exploits7References6
Nuclei
Nuclei
added 16 hours ago18 views

RWS WorldServer - Authentication Bypass

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. id: CVE-2022-34267 info: name: RWS...

9.8CVSS7.1AI score0.42162EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago61 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them. id: CVE-2023-1263 info: name: Coming Soon & Maintenance 4.1.7 - Unauthenticated Post/Page Access author: r3Y3r53 severity: medium...

5.3CVSS6.7AI score0.01414EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago147 views

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

7.1CVSS6.6AI score0.01448EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago173 views

PHPJabbers Callback Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...

6.1CVSS6.4AI score0.01202EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago45 views

WordPress JoomSport <5.2.8 - SQL Injection

WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...

9.8CVSS7.1AI score0.04756EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago62 views

Reprise License Manager 14.2 - Information Disclosure

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture and file/directory...

5.3CVSS6.3AI score0.08359EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago45 views

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion

STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

7.5CVSS7AI score0.11615EPSS
Exploits7References5
Nuclei
Nuclei
added 16 hours ago67 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS6.8AI score0.09743EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago22 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

5.3CVSS6.1AI score0.01158EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago153 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.01084EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago74 views

NexusPHP <1.7.33 - Cross-Site Scripting

NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can...

6.1CVSS6.5AI score0.01543EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago129 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS6.3AI score0.03395EPSS
Exploits2References3
Circl
Circl
added 16 hours ago6 views

CVE-2026-8919

creationtimestamp| type| source ---|---|--- 2026-07-15 04:14:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnubvidgw2i 2026-07-15 16:45:13+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-asus-1...

7.2CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-48325

creationtimestamp| type| source ---|---|--- 2026-07-14 23:12:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqndfhf7vy27 2026-07-14 23:18:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqndpmxbgv2v...

9.3CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-48284

creationtimestamp| type| source ---|---|--- 2026-07-14 23:12:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqndewdlkw2w 2026-07-14 23:19:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnds5jgt227...

9.6CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-48327

creationtimestamp| type| source ---|---|--- 2026-07-14 22:55:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnchrpcwo2e 2026-07-14 23:18:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqndpo57ko24 2026-07-15 10:30:27+00:00| seen|...

9CVSS6.2AI score
Exploits0References4
Rows per page
Query Builder