Lucene search
K

160787 matches found

Nuclei
Nuclei
added 12 hours ago138 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago60 views

Oracle Content Server - Cross-Site Scripting

Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site. id: CVE-2017-100...

8.2CVSS6.5AI score0.17558EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago39 views

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

9.1CVSS7.1AI score0.0857EPSS
Exploits0References4
Nuclei
Nuclei
added 12 hours ago22 views

XWiki Platform - SQL Injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

9.8CVSS7.1AI score0.8541EPSS
Exploits6References2
Nuclei
Nuclei
added 12 hours ago120 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.6AI score0.04055EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago72 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS7.1AI score0.04518EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago67 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7AI score0.02572EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago88 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS6.3AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago74 views

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

10CVSS7.2AI score0.13227EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago21 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS6.1AI score0.02095EPSS
Exploits1References2
CVE
CVE
added yesterday11 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 lacks a check for the allowed memory allocation limit in matrix-backed operations (e.g., -canny). A crafted image can cause ImageMagick to allocate more memory than policy permits, resulting in a denial of service. Affected components: ImageMagick's memor...

4.8CVSS6.1AI score
Exploits0References2
Debian CVE
Debian CVE
added yesterday5 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS6.1AI score
Exploits0
EUVD
EUVD
added yesterday8 views

EUVD-2026-43183

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS6AI score
Exploits0References2
EUVD
EUVD
added yesterday10 views

EUVD-2026-43179

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-11591

CVE-2026-11591 affects the WordPress plugin Widgets for Google Reviews up to version 13.3. It is a Stored Cross‑Site Scripting (XSS) vulnerability triggered via admin settings, caused by insufficient input sanitization and output escaping in the parameters fomo-title and fomo-text . Exploitation ...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References10
CVE
CVE
added yesterday11 views

CVE-2026-12738

CVE-2026-12738 affects WP Easy Pay

4.3CVSS6.1AI score0.00196EPSS
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-12141

The CVE-2026-12141 entry describes a Stored Cross-Site Scripting vulnerability in the Premium Addons for Elementor – Powerful Elementor Templates & Widgets WordPress plugin. Affected component: the premium_tooltip_text parameter; impact arises from insufficient input sanitization and output escap...

4.9CVSS6.2AI score0.00193EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday135 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8CVSS7.2AI score0.7654EPSS
Exploits19References4
Nuclei
Nuclei
added yesterday247 views

Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS6.7AI score0.74998EPSS
Exploits28References2
Nuclei
Nuclei
added yesterday126 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS6.8AI score0.54872EPSS
Exploits5References3
Rows per page
Query Builder