Lucene search
K

85151 matches found

Nuclei
Nuclei
added 12 hours ago64 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7AI score0.08449EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago55 views

WordPress AnyComment <0.3.5 - Open Redirect

WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information...

6.1CVSS6.4AI score0.02208EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago104 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. id: CVE-2022-25486 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file...

7.8CVSS7AI score0.09966EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago28 views

Icinga Web 2 - Arbitrary File Disclosure

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. id: CVE-2022-24716 info:...

7.5CVSS7AI score0.89378EPSS
Exploits8References5
Nuclei
Nuclei
added 12 hours ago51 views

Microweber Information Disclosure

Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0281 info: name: Microweber Information Disclosure author: pikpikcu severity: high description: Microweber contains a...

7.5CVSS7AI score0.1201EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago51 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

9.4CVSS6.1AI score0.39797EPSS
Exploits6References5
Nuclei
Nuclei
added 12 hours ago25 views

Jiangnan Online Judge 0.8.0 - Local File Inclusion

Jiangnan Online Judge aka jnoj 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../. id: CVE-2019-17538 info: name: Jiangnan Online Judge 0.8.0 - Local File Inclusion author: pussycat0x severity: high description: | Jiangnan Online Judge aka jnoj 0.8.0 is...

7.5CVSS7AI score0.11648EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago73 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.02285EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago12 views

WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing

FastDup WordPress plugin 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication. id: CVE-2023-6592 info: name: WordPress FastDup = 2.1.9 Sensitive Information Exposure -...

5.3CVSS6.7AI score0.00913EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago59 views

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

5.3CVSS6.1AI score0.01175EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago11 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS6.1AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago33 views

WordPress Events Manager <= 7.0.3 - SQL Injection

The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS6.1AI score0.55683EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago1482 views

Pterodactyl Panel - Remote Code Execution

Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. id: CVE-2025-49132 info: name: Pterodactyl Panel - Remote Code Execution...

10CVSS6.4AI score0.13105EPSS
Exploits28References3
Nuclei
Nuclei
added 12 hours ago36 views

Brother MFC-L9570CDW - Information Disclosure

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS7AI score0.7656EPSS
Exploits0References1
Nuclei
Nuclei
added 12 hours ago132 views

LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

9.8CVSS7AI score0.83178EPSS
Exploits7References5
Nuclei
Nuclei
added 12 hours ago94 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6.1AI score0.01959EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago101 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS6.1AI score0.16EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago70 views

NetScaler Console - Sensitive Information Disclosure

Sensitive information disclosure in NetScaler Console id: CVE-2024-6235 info: name: NetScaler Console - Sensitive Information Disclosure author: DhiyaneshDk severity: critical description: | Sensitive information disclosure in NetScaler Console impact: | Attackers can access sensitive information...

9.4CVSS7.1AI score0.21331EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago78 views

CyberPower - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32738 info: name: CyberPower - SQL Injection author: DhiyaneshDk severity: high description: | A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3...

7.5CVSS7AI score0.04515EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago24 views

CyberPower < v2.8.3 - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32739 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/ndconfig?mode=&uid=1'%20UNION%20select%201,2,3,sqliteversion;--"...

7.5CVSS6.1AI score0.05408EPSS
Exploits0References3
Rows per page
Query Builder