Lucene search
K

23919 matches found

Nuclei
Nuclei
added 10 hours ago76 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure

A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...

8.7CVSS6.1AI score0.03692EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago23 views

Joomla! Component User Status - Local File Inclusion

A directory traversal vulnerability in userstatus.php in the User Status comuserstatus component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...

5CVSS6.2AI score0.14041EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago95 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago58 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.4AI score0.01146EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago118 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago42 views

WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting

WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.4AI score0.00902EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago99 views

ESAFENET CDG - Arbitrary File Download

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...

7.5CVSS7AI score0.39885EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago69 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1CVSS6.4AI score0.03241EPSS
Exploits3References5
Circl
Circl
added 15 hours ago5 views

CVE-2026-58486

creationtimestamp| type| source ---|---|--- 2026-07-14 02:38:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mql6gu5bqd2z...

8.3CVSS6.1AI score
Exploits0References1
Circl
Circl
added yesterday6 views

CVE-2026-62195

creationtimestamp| type| source ---|---|--- 2026-07-13 23:15:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkt4djxzu2i...

8.7CVSS6.1AI score
Exploits0References1
Circl
Circl
added yesterday3 views

GHSA-CM8G-8JFQ-887P

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:07+00:00| seen| https://t.me/GithubRedTeam/92588 2026-07-14 00:00:10+00:00| seen| https://t.me/GithubRedTeam/92588...

6.1AI score
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-57803

creationtimestamp| type| source ---|---|--- 2026-07-13 19:29:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkgiadrvj2e 2026-07-14 02:26:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mql5seep2a22...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-22093

creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkhgrukm2t 2026-07-13 17:49:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkavfwvjs2y 2026-07-14 03:05:48+00:00| seen|...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References3
Circl
Circl
added yesterday7 views

CVE-2026-4769

creationtimestamp| type| source ---|---|--- 2026-07-13 07:21:18+00:00| seen| https://infosec.exchange/users/certvde/statuses/116911458109125585 2026-07-13 07:54:49+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mqj7nsuneh2l 2026-07-13 08:30:05+00:00| seen|...

9.8CVSS6.1AI score0.00447EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday151 views

Rudder Server < 1.3.0-rc.1 - SQL Injection

Rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS7.2AI score0.85825EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday35 views

RevPi Webstatus <= v2.4.5 - Authentication Bypass

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device id: CVE-2025-41646 info: name: RevPi Webstatus = v2.4.5 - Authentication Bypass author: DhiyaneshDK severity: critic...

9.8CVSS7AI score0.40725EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday46 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.1AI score0.38038EPSS
Exploits4References5
Circl
Circl
added 2 days ago9 views

CVE-2026-56281

creationtimestamp| type| source ---|---|--- 2026-07-12 17:21:01+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqhotdnxkt22...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References1
Circl
Circl
added 2 days ago13 views

CVE-2026-61876

creationtimestamp| type| source ---|---|--- 2026-07-12 12:26:59+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6fkg4lk2e 2026-07-12 12:46:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hqwuyt2t 2026-07-12 13:00:35+00:00| seen|...

9.4CVSS6.1AI score0.002EPSS
Exploits0References7
Rows per page
Query Builder