Lucene search
+L

180676 matches found

Nuclei
Nuclei
added 5 hours ago75 views

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS5.3AI score0.01235EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago31 views

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

5.3CVSS5.6AI score0.0235EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago17 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS5.2AI score0.00594EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago21 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS5.4AI score0.17393EPSS
Exploits1References3
Nuclei
Nuclei
added 5 hours ago123 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS8.3AI score0.22292EPSS
Exploits1References4
Nuclei
Nuclei
added 5 hours ago67 views

NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure

NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSWcxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. id:...

9.8CVSS8.5AI score0.27215EPSS
Exploits6References5
EUVD
EUVD
added 9 hours ago8 views

EUVD-2026-45353

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.getchatsessions of the file astrbot/dashboard/routes/openapi.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is...

5.3CVSS5.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 13 hours ago10 views

PT-2026-60919

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get chat sessions of the file astrbot/dashboard/routes/open api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It ...

5.3CVSS4.9AI score
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-16074

CVE-2026-16074 affects AstrBot up to version 4.25.2. The vulnerability lies in the function update_plugin/update_all_plugins (file astrbot/dashboard/routes/plugin.py) where manipulation of the arguments download_url/download_urls/proxy enables server-side request forgery (SSRF). Exploitation may ...

6.5CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2024-42214

CVE-2024-42214 involves the HCL Aftermarket EPC web server where the HTTP OPTIONS method is enabled. The public descriptions indicate this allows an attacker to view the methods the server supports, potentially aiding targeted probing. The available sources do not provide exploitable vectors, aff...

5.3CVSS5.4AI score
Exploits0References1
NVD
NVD
added 2 days ago10 views

CVE-2026-15907

A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=logfwnbcmailjsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-15527

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS0.0014EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43249

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References6
CVE
CVE
added 6 days ago14 views

CVE-2026-15498

CVE-2026-15498 affects the sergomanov SmartHomeAdatum product, specifically the Login component’s file users.php . The root cause is improper handling of the Login argument, which enables a SQL injection. The vulnerability is exploitable remotely over the network. No version details are provided ...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-15497 SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS0.00394EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-43215

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS4.8AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-43212

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...

7.5CVSS6.7AI score0.00393EPSS
Exploits0References4
CVE
CVE
added 6 days ago16 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-43192

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may...

5.3CVSS5.7AI score0.00207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57617

A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used...

9CVSS7.3AI score0.00466EPSS
Exploits0References7
Rows per page
Query Builder