Lucene search
K

85101 matches found

EUVD
EUVD
added 13 hours ago9 views

EUVD-2026-41846

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.8AI score
Exploits0References1
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-41817

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...

9.8CVSS6AI score
Exploits0References2
Nuclei
Nuclei
added 18 hours ago103 views

Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage

Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. id: CVE-2015-2080 info: name: Eclipse Jetty 9.2.9.v20150224 - Sensitive Information Leakage author: pikpikcu severity: high description: Eclip...

7.5CVSS7.1AI score0.74881EPSS
Exploits16References5
Nuclei
Nuclei
added 18 hours ago29 views

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

7.5CVSS6.1AI score0.12991EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago102 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7.2AI score0.22292EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago73 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.8AI score0.02273EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago53 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7.1AI score0.08449EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago33 views

WAVLINK - Access Control

Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform...

7.5CVSS7.1AI score0.07759EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago28 views

Yearning - Directory Traversal

Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning. id: CVE-2022-27043 info: name: Yearning - Directory Traversal author: Co5mos severity: high description: | Yearning h...

7.5CVSS7.1AI score0.06299EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago125 views

CRMEB v.5.2.2 - SQL Injection

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. id: CVE-2024-36837 info: name: CRMEB v.5.2.2 - SQL Injection author: DhiyaneshDk severity: high description: | SQL Injection...

7.5CVSS6.1AI score0.08306EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago48 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.8AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added 18 hours ago77 views

Masa CMS - Authentication Bypass

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.2AI score0.06253EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago251 views

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...

8.3CVSS7.3AI score0.94721EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago162 views

LearnPress <= 4.2.5.7 - SQL Injection

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS7.1AI score0.51394EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago45 views

WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...

6.1CVSS6.3AI score0.44513EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago27 views

CyberPower - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32738 info: name: CyberPower - SQL Injection author: DhiyaneshDk severity: high description: | A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3...

7.5CVSS7.1AI score0.04515EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago17 views

CyberPower - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32737 info: name: CyberPower - SQL Injection author: DhiyaneshDk severity: high description: | A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3...

7.5CVSS7.1AI score0.05408EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago22 views

CyberPower < v2.8.3 - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32739 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/ndconfig?mode=&uid=1'%20UNION%20select%201,2,3,sqliteversion;--"...

7.5CVSS6AI score0.05408EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago77 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS7AI score0.02268EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago35 views

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter. id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK severity: high description: | SQL injection vulnerability in f-logic...

9.8CVSS6AI score0.1942EPSS
Exploits1References5
Rows per page
Query Builder