4139 matches found
Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...
XWiki < 4.10.15 - Information Disclosure
The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some protected...
Grafana v8.x - Arbitrary File Read
Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is /public/plugins/NAME/, where NAME is the plugin ID for any installed plugin. id: CVE-2021-43798 info: name: Grafana v8.x - Arbitrary File Read autho...
Microsoft SQL Server Reporting Services - Remote Code Execution
Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests. id: CVE-2020-0618 info: name: Microsoft SQL Server Reporting Services - Remote Code Execution author: joeldeleep severity: high description: Microsoft SQL...
Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcardRecursive endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remot...
nostromo 1.9.6 - Remote Code Execution
nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function httpverify. id: CVE-2019-16278 info: name: nostromo 1.9.6 - Remote Code Execution author: pikpikcu severity: critical description: nostromo nhttpd through 1.9.6 allows an...
Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE
The Yeti Platform " verified: true max-request: 4 tags: cve,cve2024,yeti,platform,ssti,rce,intrusive,vkev,vuln variables: username: "username" password: "password" http: - raw: - | POST /api/v2/auth/token HTTP/1.1 Host: Hostname Content-Type:...
PowerJob <=4.3.2 - Unauthenticated Access
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...
Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
Bylancer Quicklancer 2.4 G - SQL Injection
A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database. id: CVE-2024-7188 inf...
Mastodon - Open Redirect
Mastodon version 4.5.8, 4.4.15, 4.3.21 is vulnerable to unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. id: CVE-2026-33868 info: name: Mastodon - Open Redirect author: theamanrawat severity: medium description: |...
WordPress Page Views Count <2.4.15 - SQL Injection
WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execu...
EPrints 3.4.2 - Cross-Site Scripting
EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset dictionary URI. id: CVE-2021-26702 info: name: EPrints 3.4.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: EPrints 3.4.2 contains a reflected cross-site...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...
WordPress JSmol2WP <=1.07 - Local File Inclusion
WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...
Rocket.Chat <3.9.1 - Information Disclosure
Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-28208 info: name: Rocket.Chat 3.9.1 -...
SupportCandy < 3.1.5 - Unauthenticated SQL Injection
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. id: CVE-2023-1730 info: name: SupportCandy 3.1.5 - Unauthenticated SQL Injection author:...
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...
Art Gallery Management System Project v1.0 - Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...
Sercomm VD625 Smart Modems - CRLF Injection
Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...
WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. id: CVE-2020-17453 info: name: WSO2 Carbon Management...
WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...
IBM Operational Decision Manager - Java Deserialization
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to...
Drawio <18.0.4 - Server-Side Request Forgery
Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...
AirFlow < 2.4.0 - Remote Code Execution
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. id: CVE-2022-40127 info: name: AirFlow 2.4.0 -...
GeoServer RCE in Evaluating Property Name Expressions
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expression...
Rails File Content Disclosure
Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...
Joomla! Webservice - Password Disclosure
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...
WordPress Simple File List <=4.2.2 - Remote Code Execution
An unrestricted file upload vulnerability in the WordPress Simple File List plugin before version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint ee-upload-engine.php restricts file uploads based on extension, but lacks proper validatio...
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtwpgaepbdwnldpdf function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...
WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...
WordPress WP Courses Plugin Information Disclosure
WordPress WP Courses Plugin 2.0.29 contains a critical information disclosure which exposes private course videos and materials. id: CVE-2020-26876 info: name: WordPress WP Courses Plugin Information Disclosure author: dwisiswant0 severity: high description: WordPress WP Courses Plugin 2.0.29...
phpMyAdmin < 5.1.2 - Cross-Site Scripting
An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection. id: CVE-2022-23808 info: name: phpMyAdmin 5.1.2 - Cross-Site Scripting author: cckuailong,daffainfo severity...
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution. id: CVE-2021-21389 info: name: BuddyPress REST API 7.2.1 - Privilege Escalation/Remote Code Execution author: lotusdll severity: high descriptio...
YeaLink DM 3.6.0.20 - Remote Command Injection
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...
Owncast - Server Side Request Forgery
Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. id: CVE-2023-3188 info: name: Owncast - Server Side Request Forgery author: DhiyaneshDk severity: medium description: | Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. impac...
Tenda Router AC11 - Remote Command Injection
Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-31755 info: name: Tenda Router AC11 - Remote Comman...
WP-Recall <= 16.26.5 - SQL Injection
The WP-Recall Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
Lansweeper Unauthenticated SQL Injection
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. id: CVE-2019-13462 info: name: Lansweeper Unauthenticated SQL Injection author: divyamudgal severity: critical description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. impact: | This vulnerability can lead to...
Ray API - Local File Inclusion
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. id: CVE-2023-6021 info: name: Ray API - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's log API endpoint allows attackers to read any file on the server withou...
Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
MinIO Browser API - Server-Side Request Forgery
MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...
Suprema BioStar <2.8.2 - Local File Inclusion
Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...
TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection
TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...