Lucene search
K

257005 matches found

Nuclei
Nuclei
added 18 hours ago266 views

Node.js Embedded JavaScript 3.1.6 - Template Injection

Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settingsview optionsoutputFunctionName, which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. id:...

9.8CVSS6.8AI score0.32386EPSS
Exploits5References5
Nuclei
Nuclei
added 18 hours ago83 views

Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call. id: CVE-2022-34534 info: name: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure author: ritikchaddha severity: high description: | Digital Watchdog DW...

7.5CVSS7.1AI score0.02102EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago68 views

Trilium <0.52.4 - Cross-Site Scripting

Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2022-2290 info: name: Trilium 0.52.4 - Cross-Site Scripting author:...

6.4CVSS6.8AI score0.03096EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago59 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

9.8CVSS7.2AI score0.4408EPSS
Exploits2
Nuclei
Nuclei
added 18 hours ago44 views

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

6.1CVSS6.4AI score0.04474EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago12 views

Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

8.8CVSS7.2AI score0.0189EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago49 views

WordPress My Calendar <= 3.1.9 - Cross-Site Scripting

WordPress plugin My Calendar = 3.1.10 or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/9267 - https://wordpress.org/plugins/my-calendar/developers - https://nvd.nist.gov/vuln/detail/CVE-2019-15713 -...

6.1CVSS6.3AI score0.02542EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago65 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS6.9AI score0.09743EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago60 views

Jeedom <=4.0.38 - Cross-Site Scripting

Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-9036 info: name: Jeedom =4.0.38 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.6AI score0.03587EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago80 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7.2AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago24 views

SAP Solution Manager - Open Redirect

SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-26836 info: name: SAP Solution Manager - Open...

6.1CVSS6.2AI score0.02338EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago79 views

InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files ...

8.1CVSS7.7AI score0.10305EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago37 views

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

9.8CVSS7.1AI score0.07131EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago18 views

Apache OFBiz - XML External Entity Injection

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7AI score0.1591EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago31 views

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

6.1CVSS6.3AI score0.07652EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago114 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10CVSS7.4AI score0.39335EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago37 views

Sympa version =>6.2.16 - Cross-Site Scripting

Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. id: CVE-2018-1000671 info: name: Sympa version =6.2.16 -...

6.1CVSS6.6AI score0.03982EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago91 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.8AI score0.02273EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago177 views

Zeit Next.js < 4.2.3 - Local File Inclusion

Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2018-6184 info: name: Zeit Next.js =4.2...

7.5CVSS7.1AI score0.0906EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago121 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7.2AI score0.22292EPSS
Exploits1References4
Rows per page
Query Builder