Lucene search
K
NucleiMost viewed

4139 matches found

Nuclei
Nuclei
•added 2026/06/26 6:13 p.m.•87 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS7.6AI score0.91896EPSS
Exploits11References5
Nuclei
Nuclei
•added yesterday•86 views

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

6.1CVSS6.4AI score0.00816EPSS
Exploits1References1
Nuclei
Nuclei
•added yesterday•86 views

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting

Reflected cross-site scripting XSS exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. id: CVE-2022-48197 info: name: Yahoo User Interface library YUI2 TreeView v2.8.2 - Cross-Site Scripting...

6.1CVSS6.3AI score0.06608EPSS
Exploits3References5
Nuclei
Nuclei
•added yesterday•86 views

Labstack Echo 4.8.0 - Open Redirect

Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-400...

9.6CVSS7.2AI score0.02309EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•86 views

D-Link DAP-1620 - Local File Inclusion

D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading /etc/passwd and /etc/shadow. id: CVE-2021-46381 info: name: D-Link DAP-1620 - Local File Inclusion author: 0xAkoko severity: high description: D-Link DAP-1620 is...

7.5CVSS6.7AI score0.57984EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•86 views

PrestaShop Responsive Mega Menu Module - Remote Code Execution

The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or...

9.8CVSS7.9AI score0.51572EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•86 views

AWStats < 6.95 - Open Redirect

An open redirect vulnerability in awredir.pl in AWStats 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2009-5020 info: name: AWStats 6.95 - Open Redirect author: pdteam severity: medium description: An open...

5.8CVSS6.1AI score0.03488EPSS
Exploits0References3
Nuclei
Nuclei
•added 2 days ago•86 views

AnythingLLM - Information Disclosure

AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...

7.5CVSS7.1AI score0.29187EPSS
Exploits1References2
Nuclei
Nuclei
•added 6 days ago•86 views

MovableType - Remote Command Injection

MovableType 5002 and earlier Movable Type Advanced 7 Series, Movable Type Advanced 6.8. 2 and earlier Movable Type Advanced 6 Series, Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified...

9.8CVSS7.5AI score0.88144EPSS
Exploits11References5
Nuclei
Nuclei
•added 6 days ago•86 views

Intelbras WIN 300/WRN 342 - Credentials Disclosure

Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...

7.5CVSS7.1AI score0.63023EPSS
Exploits0References5
Nuclei
Nuclei
•added 6 days ago•86 views

Mlflow - Arbitrary File Write

An attacker can overwrite any file on the server hosting MLflow without any authentication. id: CVE-2023-6018 info: name: Mlflow - Arbitrary File Write author: byt3bl33d3r severity: critical description: | An attacker can overwrite any file on the server hosting MLflow without any authentication...

10CVSS7.2AI score0.47874EPSS
Exploits1References2
Nuclei
Nuclei
•added last week•86 views

Oracle WebLogic Server Local File Inclusion

An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can...

7.5CVSS6.8AI score0.92331EPSS
Exploits6References5
Nuclei
Nuclei
•added 2026/06/16 7:13 a.m.•86 views

Apache Airflow <=1.10.10 - Remote Code Execution

Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending on the executor in us...

8.8CVSS8.5AI score0.99118EPSS
Exploits9References5
Nuclei
Nuclei
•added 2026/06/16 7:13 a.m.•86 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

10CVSS8.5AI score0.98092EPSS
Exploits12References5
Nuclei
Nuclei
•added yesterday•85 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.3AI score0.11172EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•85 views

WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

6.1CVSS6AI score0.02291EPSS
Exploits2References3
Nuclei
Nuclei
•added yesterday•85 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS6.2AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•85 views

Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

7.8CVSS7.1AI score0.15737EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•85 views

PMB 7.4.6 - Open Redirect

PMB v7.4.6 contains an open redirect vulnerability via the component /opaccss/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2023-24735 info: name:...

6.1CVSS6.4AI score0.0108EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•85 views

CentOS Web Panel - SQL Injection

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...

10CVSS7.3AI score0.13029EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•85 views

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS6AI score0.01865EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•85 views

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

6.1CVSS6.3AI score0.13817EPSS
Exploits3References5
Nuclei
Nuclei
•added yesterday•85 views

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

9.8CVSS7.6AI score0.93842EPSS
Exploits6References3
Nuclei
Nuclei
•added yesterday•85 views

CuppaCMS v1.0 - Local File Inclusion

Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php. id: CVE-2022-34121 info: name: CuppaCMS v1.0 - Local File Inclusion author: edoardottt severity: high description: | Cuppa CMS v1.0 is vulnerable to local file inclusion via the...

7.5CVSS7AI score0.03059EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•85 views

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...

6.1CVSS6.5AI score0.0591EPSS
Exploits4References5
Nuclei
Nuclei
•added yesterday•85 views

Crestron Device - Credentials Disclosure

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS7.2AI score0.75711EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•85 views

Drawio <18.0.4 - Server-Side Request Forgery

Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...

7.5CVSS7.1AI score0.08667EPSS
Exploits1References4
Nuclei
Nuclei
•added 2 days ago•85 views

TOTOLink - Unauthenticated Command Injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...

9.8CVSS7.4AI score0.25889EPSS
Exploits4References4
Nuclei
Nuclei
•added 2 days ago•85 views

WordPress WPvivid Backup <0.9.76 - Local File Inclusion

WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...

4.9CVSS6AI score0.18147EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•85 views

KeyCloak - Information Exposure

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients like client secret without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this...

6.5CVSS6.5AI score0.17943EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•85 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/managebooking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32026...

7.2CVSS7.1AI score0.05261EPSS
Exploits2References4
Nuclei
Nuclei
•added 2 days ago•85 views

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

9.8CVSS7.1AI score0.3298EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•85 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7AI score0.21EPSS
Exploits2References5
Nuclei
Nuclei
•added 6 days ago•85 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS7AI score0.54872EPSS
Exploits5References3
Nuclei
Nuclei
•added 2026/06/25 5:45 a.m.•85 views

Jira <8.4.0 - Server-Side Request Forgery

Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized...

6.5CVSS6.8AI score0.94453EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•84 views

LiteLLM - Server-Side Request Forgery

LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...

7.5CVSS7.2AI score0.37197EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•84 views

Joomla! Component MS Comment 0.8.0b - Local File Inclusion

A directory traversal vulnerability in the Moron Solutions MS Comment commscomment component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2050 info: name: Joomla! Component MS Comment 0.8.0b - Local File...

7.5CVSS6.1AI score0.13074EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•84 views

WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection

WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead...

8.8CVSS7.2AI score0.04356EPSS
Exploits2References4
Nuclei
Nuclei
•added yesterday•84 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.1AI score0.14759EPSS
Exploits2
Nuclei
Nuclei
•added yesterday•84 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•84 views

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...

9.8CVSS7.2AI score0.61043EPSS
Exploits0References4
Nuclei
Nuclei
•added yesterday•84 views

WordPress Gallery <2.0.0 - Cross-Site Scripting

WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users. id: CVE-2022-1946 info: name: WordPres...

6.1CVSS6.3AI score0.01626EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•84 views

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

5.3CVSS6.1AI score0.09545EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•84 views

Webkul QloApps 1.5.2 - Cross-site Scripting

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and emailcreate parameters in the AuthController.php file. id: CVE-2023-30256 info: name: Webkul QloApps 1.5.2 - Cross-site Scripting author: theamanrawat...

6.1CVSS6.4AI score0.08731EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•84 views

Apache OFBiz - XML External Entity Injection

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5CVSS7.1AI score0.25743EPSS
Exploits0
Nuclei
Nuclei
•added 2 days ago•84 views

ASUS GT-AC2900 - Authentication Bypass

ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handlerequest in router/httpd/httpd.c and authcheck in webhook.o. An...

9.8CVSS7.4AI score0.99393EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•84 views

Squirrelmail <=1.4.6 - Local File Inclusion

SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if registerglobals is enabled and magicquotesgpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. id:...

7.5CVSS6.3AI score0.47196EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•84 views

ZTE Cable Modem Web Shell

ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to webshellcmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author:...

10CVSS7.1AI score0.59259EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•84 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•84 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.01333EPSS
Exploits1References5
Total number of security vulnerabilities4139