Lucene search
K

30867 matches found

GithubExploit
GithubExploit
added 42 minutes ago4 views

wp-cve-exploits

wp-cve-exploits Nuclei detection templates and validated PoC...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago5 views

C-exploitation-and-mitigation

C Memory-Safety & Exploit-Mitigations Three self-contained de...

6.2AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago7 views

AI-Pentest

Auto Pentest Platform Platform otomasi penetration testing de...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2 hours ago3 views

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken into, but the exposed files showed...

6AI score
Exploits0
GithubExploit
GithubExploit
added 4 hours ago9 views

cve-reverser

cve-reverser Reverse publicly disclosed WordPress plugin CV...

6.1AI score
Exploits2
Nuclei
Nuclei
added 10 hours ago47 views

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

5.3CVSS6.5AI score0.01942EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago11 views

WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload

The Keydatas plugin for WordPress known in Chinese as "简数采集器" is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatasdownloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server —...

9.8CVSS6.4AI score0.35708EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago27 views

Prime Mover < 1.9.3 - Sensitive Data Exposure

Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...

7.5CVSS6.9AI score0.39867EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago119 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection

The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can...

4.3CVSS6.3AI score0.06079EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago73 views

CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS7.5AI score0.05871EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago44 views

CrafterCMS Engine - Cross-Site Scripting

CrafterCMS Engine is vulnerable to reflected cross-site scripting XSS via the transformerName parameter in the /api/1/site/url/transform endpoint, allowing attackers to execute arbitrary JavaScript in the context of the user. id: CVE-2023-4136 info: name: CrafterCMS Engine - Cross-Site Scripting...

7.4CVSS6.9AI score0.01304EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago9 views

WordPress BackWPup < 4.0.4 - Backup File Disclosure

BackWPup WordPress plugin 4.0.4 contains a directory listing vulnerability caused by lack of access restrictions in its temporary backup folder, letting unauthenticated attackers download site backups, exploit requires no authentication. id: CVE-2023-7164 info: name: WordPress BackWPup 4.0.4 -...

7.5CVSS5.8AI score0.02261EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago138 views

Ghost CMS < 5.42.1 - Path Traversal

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. id: CVE-2023-32235 info: name: Ghost CMS 5.42.1 - Path Traversal author: j3ssie severit...

7.5CVSS7.2AI score0.39078EPSS
Exploits3References4
Nuclei
Nuclei
added 10 hours ago44 views

Ivanti Avalanche 6.3.2 - Local File Inclusion

Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder. id: CVE-2021-30497 info: name: Ivanti Avalanche 6.3.2 - Local File Inclusion author: gy741 severity: high description: Ivanti Avalanch...

7.5CVSS7.1AI score0.9658EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago69 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. id: CVE-2019-2578 info: name: Oracle Fusion...

8.6CVSS7.2AI score0.72402EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago78 views

Commvault CommCell - Local File Inclusion

CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. id: CVE-2020-25780 info: name: Commvault...

7.5CVSS7.1AI score0.09884EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago10 views

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

8.7CVSS7AI score0.01378EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago68 views

MicroStrategy Web 10.4 - Information Disclosure

MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and there...

7.5CVSS7.1AI score0.17841EPSS
Exploits3References5
Nuclei
Nuclei
added 10 hours ago46 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

7.8CVSS7.1AI score0.17982EPSS
Exploits3
Nuclei
Nuclei
added 10 hours ago114 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS7.1AI score0.64603EPSS
Exploits3References5
Rows per page
Query Builder