Lucene search
+L

13781 matches found

Nuclei
Nuclei
added yesterday61 views

WordPress WPSmartContracts <1.3.12 - SQL Injection

WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute...

8.8CVSS7.1AI score0.03663EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday90 views

Smart s200 Management Platform v.S200 - SQL Injection

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. id: CVE-2024-27718 info: name: Smart s200 Management Platform v.S200 - SQL Injection author:...

7.8CVSS6.1AI score0.01101EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday82 views

Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5CVSS7.1AI score0.51466EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago88 views

Smart Office Web 20.28 - Information Disclosure

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. id: CVE-2022-47075 info: name: Smart Office Web 20.28 - Information Disclosure author:...

7.5CVSS7AI score0.59407EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago120 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

9.8CVSS7AI score0.16062EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago158 views

Dahua Smart Park Management - Arbitrary File Upload

Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePointaddImgIco?. id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload...

9.8CVSS6.7AI score0.73525EPSS
Exploits2References5
NVD
NVD
added 3 days ago5 views

CVE-2026-12385

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-12385 Smart Slider 3 <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via WP_Query Parameter Injection via 'keyword' Parameter

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
CVE
CVE
added 3 days ago8 views

CVE-2026-12385

CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References7
Patchstack
Patchstack
added 3 days ago6 views

WordPress Smart Slider 3 plugin <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Yuvraj Tomar in WordPress Plugin Smart Slider 3 versions = 3.5.1.37...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added 3 days ago110 views

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. id: CVE-2024-0939 info: name: Smar...

9.8CVSS6.5AI score0.43777EPSS
Exploits1References5
NVD
NVD
added 4 days ago8 views

CVE-2026-15498

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS0.00254EPSS
Exploits0References4
CVE
CVE
added 4 days ago11 views

CVE-2026-15498

CVE-2026-15498 affects the sergomanov SmartHomeAdatum product, specifically the Login component’s file users.php . The root cause is improper handling of the Login argument, which enables a SQL injection. The vulnerability is exploitable remotely over the network. No version details are provided ...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
Nuclei
Nuclei
added 5 days ago55 views

Hardcoded Admin Credentials For Cisco Smart Licensing Utility API

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit...

9.8CVSS7.1AI score0.91911EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.11 views

PT-2026-57023

Name of the Vulnerable Software and Affected Versions psd-tools versions prior to 1.17.1 Description An issue exists where the SmartObject.save function writes embedded smart objects to a path taken directly from a PSD file without sanitization. This allows an attacker to use absolute paths or...

4.6CVSS6.2AI score
Exploits0References9
EUVD
EUVD
added 2026/07/05 9:30 a.m.6 views

EUVD-2026-41743

A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclose...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 9:30 a.m.7 views

CVE-2026-14735

A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclose...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 9:30 a.m.18 views

CVE-2026-14735

CVE-2026-14735 affects code-projects Smart Parking System 1.0, specifically the unknown function in /parkings/parkings.php. The vulnerability arises from manipulating the street, city, or status arguments, leading to an SQL injection. A remote attack is possible and the exploit has been disclosed...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.15 views

PT-2026-55783

Name of the Vulnerable Software and Affected Versions code-projects Smart Parking System version 1.0 Description An issue exists in the /parkings/parkings.php file where improper handling of the street, city, and status arguments allows for remote SQL injection. SQL injection is a technique where...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References10
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-28744

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...

8.1CVSS0.00343EPSS
Exploits0References4
Rows per page
Query Builder