Lucene search
+L

12052 matches found

nuclei
nuclei
added 5 hours ago47 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.1AI score0.38038EPSS
Exploits4References5
nuclei
nuclei
added 5 hours ago43 views

WAVLINK WN533A8 - Improper Access Control

WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser; and thereby possibly obtain sensitive information, modify data, and/or execute...

7.5CVSS7AI score0.16583EPSS
Exploits4References5
nuclei
nuclei
added 5 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
nuclei
nuclei
added 5 hours ago23 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.1AI score0.00713EPSS
Exploits1
nuclei
nuclei
added 5 hours ago27 views

Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration

Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...

5.3CVSS6.2AI score0.0991EPSS
Exploits1References2
nuclei
nuclei
added 5 hours ago51 views

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...

5.3CVSS6.2AI score0.0747EPSS
Exploits1References1
nuclei
nuclei
added 5 hours ago43 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7AI score0.01721EPSS
Exploits1References3
nuclei
nuclei
added 5 hours ago12 views

Loan Management System 1.0 - SQL Injection

Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2025-9744 info: name:...

9.8CVSS7AI score0.01664EPSS
Exploits3References3
nuclei
nuclei
added 5 hours ago31 views

Usermin 2.100 - Username Enumeration

Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint. id: CVE-2024-44762 info: name: Usermin 2.100 - Username Enumeration author:...

5.3CVSS6.2AI score0.02621EPSS
Exploits5References4
nuclei
nuclei
added 5 hours ago45 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.4AI score0.0125EPSS
Exploits1References4
nuclei
nuclei
added 5 hours ago59 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
susecve
susecve
added yesterday3 views

SUSE CVE-2025-6013

Vault and Vault Enterprise's “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

6.5CVSS6.7AI score0.00502EPSS
Exploits0References4
cve
cve
added yesterday6 views

CVE-2026-62685

The CVE affects File Browser prior to version 2.63.17. The issue arises in how user scopes are built from usernames via cleanUsername() when Signup=true and CreateUserDir=true: the many-to-one normalization can collapse usernames such as team/one, team one, and team-one to the same home directory...

8.1CVSS6.1AI score
Exploits0References3
nvd
nvd
added 2 days ago5 views

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS0.00239EPSS
Exploits0References7
osv
osv
added 2 days ago3 views

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References9
cve
cve
added 2 days ago12 views

CVE-2026-62644

This CVE (CVE-2026-62644) affects Roundcube Webmail prior to 1.6.17 and 1.7.x prior to 1.7.2. The vulnerability lies in the password plugin, where session data usability allowed username spoofing, potentially enabling account takeover. The bases of impact are high for confidentiality and integrit...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References7
euvd
euvd
added 2 days ago5 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References4
attackerkb
attackerkb
added 3 days ago2 views

CVE-2026-62184

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References4
cve
cve
added 3 days ago9 views

CVE-2026-62184

CVE-2026-62184 affects the OpenWrt luci-app-banip component. The issue is a log-parsing vulnerability in an awk-based parser that always extracts the first IPv4 address from a log line, regardless of its actual field position. An unauthenticated remote attacker can inject an IP address via attack...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References3
osv
osv
added 3 days ago3 views

CVE-2026-62184 luci-app-banip Log Monitor IP Extraction Bypass

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References6
Rows per page
Query Builder