257203 matches found
kkFileView 4.1.0 - Cross-Site Scripting
kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Reprise License Manager 14.2 - Information Disclosure
Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture and file/directory...
Node.js Embedded JavaScript 3.1.6 - Template Injection
Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settingsview optionsoutputFunctionName, which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. id:...
Trilium <0.52.4 - Cross-Site Scripting
Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2022-2290 info: name: Trilium 0.52.4 - Cross-Site Scripting author:...
Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
Zyxel NBG2105 V1.00AAGU.2C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access. id: CVE-2021-3297 info: name: Zyxel NBG2105 V1.00AAGU.2C0 - Authentication Bypass author: gy741 severity: high description: Zyxel NBG21...
KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
WordPress Simple File List - Path Traversal
Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...
WordPress Front End Users - Reflected XSS
WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
ComfyUI-Manager < 3.38 - Configuration Overwrite
ComfyUI-Manager 3.38 contains an insecure file storage vulnerability caused by storing files in an insufficiently protected location accessible via the web interface, letting remote attackers manipulate configuration and critical data, exploit requires web access. id: CVE-2025-67303 info: name:...
Lodash Template - Server-Side Template Injection (RCE)
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. id: CVE-2021-23337 info: name: Lodash Template - Server-Side Template Injection RCE author: DhiyaneshDk severity: high description: | Lodash versions prior to 4.17.21 are vulnerable to Command Injectio...
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2709 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scriptin...
NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. id: CVE-2025-32815 info: name: NetMRI 7.6.1 - Authentication Bypass via Hardcoded Credentials author: iamnoooob,pdresearch severity: medium description: | An issue was discovered i...
White Star Software ProTop - Directory Traversal
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...
Apache OFBiz - XML External Entity Injection
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...
Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting
The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...
Kubio AI Page Builder <= 2.5.1 - Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...