Lucene search
K
NucleiMost viewed

4139 matches found

Nuclei
Nuclei
added 2 days ago177 views

OpenAM<=15.0.3 FreeMarker - Template Injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input id: CVE-2024-41667 info: name: OpenAM=15.0.3 FreeMarker - Template Injection...

8.8CVSS7.2AI score0.03536EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.177 views

WP Fastest Cache 1.2.2 - SQL Injection

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2023-6063 info: name: WP Fastest Cache 1.2.2 - SQL Injection author: DhiyaneshDK...

7.5CVSS7.2AI score0.73708EPSS
Exploits11References5
Nuclei
Nuclei
added 2026/06/25 5:45 a.m.177 views

Ruckus Wireless Admin - Remote Code Execution

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request. id: CVE-2023-25717 info: name: Ruckus Wireless Admin - Remote Code Execution author: parthmalhotra,pdresearch severity: critical description: | Ruckus Wireless Admin through 10.4 allows Remote...

9.8CVSS7.6AI score0.95326EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.177 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server Oracle Fusion Middleware component: WLS Core Components is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated...

9.8CVSS8.1AI score0.93168EPSS
Exploits18References5
Nuclei
Nuclei
added 2 days ago175 views

LearnPress <= 4.2.5.7 - SQL Injection

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS7.1AI score0.51394EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago175 views

DCBI-Netlog-LAB v1.0 - Command Injection

An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. id: CVE-2023-26802 info: name: DCBI-Netlog-LAB v1.0 - Command Injection author: pussycat0x...

9.8CVSS7.3AI score0.4871EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.175 views

Dahua IPC/VTH/VTO - Authentication Bypass

Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. id: CVE-2021-33044 info: name: Dahua IPC/VTH/VTO - Authentication Bypass author: gy741 severity: critical description: Some...

10CVSS7.5AI score0.99871EPSS
Exploits12References5
Nuclei
Nuclei
added yesterday174 views

Apache Airflow <1.10.14 - Authentication Bypass

Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session. id: CVE-2020-17526 info: name: Apache Airflow 1.10.14 -...

7.7CVSS7AI score0.23336EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago174 views

WordPress NotificationX <2.3.9 - SQL Injection

WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nxid parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify dat...

9.8CVSS7.3AI score0.34359EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday173 views

Telesquare TLR-2005KSH - Remote Command Execution

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through...

8.8CVSS6.5AI score0.05848EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday173 views

CMSimple 3.1 - Local File Inclusion

CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when registerglobals is enabled which allows remote attackers to include and execute arbitrary local files via a .. dot dot in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...

6.8CVSS6.3AI score0.18809EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago173 views

Ruijie RG-EW1200G Router Background - Login Bypass

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

8.8CVSS6.4AI score0.56147EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.173 views

FortiLogger 4.4.2.2 - Arbitrary File Upload

FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...

9.8CVSS8.5AI score0.97512EPSS
Exploits8References5
Nuclei
Nuclei
added 6 days ago172 views

Apache OFBiz < 17.12.07 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack id: CVE-2021-29200 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: your3cho severity: critical description: | Apache OFBiz has unsafe deserialization prior to...

9.8CVSS7.4AI score0.5537EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday171 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.5AI score0.03333EPSS
Exploits1References6
Nuclei
Nuclei
added 6 days ago171 views

Adobe Coldfusion - Cross-Site Scripting

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within th...

6.1CVSS6.5AI score0.84811EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.171 views

ServiceNow UI Macros - Template Injection

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS8.8AI score0.99976EPSS
Exploits8References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.170 views

Ivanti Sentry - Authentication Bypass

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. id: CVE-2023-38035 info: name: Ivanti...

9.8CVSS8.8AI score0.99949EPSS
Exploits6References5
Nuclei
Nuclei
added 2 days ago169 views

WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery

WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

7.2CVSS6.8AI score0.40506EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.169 views

NUUO NVR camera `debugging_center_utils_.php` - Command Execution

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. id: CVE-2016-5674 info: name: NUUO NVR camera debuggingcenterutils.p...

10CVSS9.1AI score0.9461EPSS
Exploits11References2
Nuclei
Nuclei
added 2 days ago168 views

Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains. id: CVE-2023-0159 info:...

7.5CVSS7.1AI score0.55736EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday167 views

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

5.4CVSS6.3AI score0.01675EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday167 views

MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS7.2AI score0.02421EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago167 views

User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation

The User Registration & Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.1. This is due to insufficient restrictions on role type in the 'preparemembersdata' function. This makes it possible for unauthenticated attackers to create newuser...

8.1CVSS7.2AI score0.44565EPSS
Exploits7References3
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.167 views

Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. id: CVE-2016-4437 info: name: Apache Shiro 1.2.4 Cookie RememberME -...

9.8CVSS7.5AI score0.93143EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.167 views

SAP Solution Manager 7.2 - Remote Command Execution

SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...

10CVSS7.8AI score0.98376EPSS
Exploits7References7
Nuclei
Nuclei
added yesterday166 views

WordPress HTML5 Video Player < 2.5.27 - SQL Injection

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...

6.5CVSS6AI score0.02618EPSS
Exploits6References2
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.166 views

Docassemble - Local File Inclusion

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS7AI score0.69486EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.166 views

Jenkins Script Security Plugin <=1.49 - Sandbox Bypass

A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin versions 1.49 and earlier within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on th...

8.8CVSS7.1AI score0.98428EPSS
Exploits17References6
Nuclei
Nuclei
added yesterday165 views

ISPConfig - PHP Code Injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled. id: CVE-2023-46818 info: name: ISPConfig - PHP Code Injection author: non-things severity: high description: | An issue was discovered...

7.2CVSS7.1AI score0.13894EPSS
Exploits14References4
Nuclei
Nuclei
added 6 days ago165 views

PAN-OS Management Web Interface - Authentication Bypass

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...

9.8CVSS7.3AI score0.99698EPSS
Exploits18References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.165 views

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. dot dot in the query string, as exploited in the wild in August 2017, aka SAP Security Note...

7.5CVSS8.7AI score0.94557EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday164 views

Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

9.1CVSS7.2AI score0.09232EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago164 views

Gibbon v25.0.0 - Local File Inclusion

Gibbon v25.0.0 is vulnerable to a Local File Inclusion LFI vulnerability where it's possible to include the content of several files present in the installation folder in the server's response. id: CVE-2023-34598 info: name: Gibbon v25.0.0 - Local File Inclusion author: DhiyaneshDk severity:...

9.8CVSS7.2AI score0.47238EPSS
Exploits3References5
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.164 views

Ntopng Authentication Bypass

Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...

9.8CVSS9.2AI score0.14195EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday163 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.3AI score0.17894EPSS
Exploits1References2
Nuclei
Nuclei
added 6 days ago163 views

Dompdf < v0.6.0 - Local File Inclusion

A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a...

6.8CVSS7.3AI score0.39374EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday162 views

ThinVNC - Authentication Bypass

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via a specific command, potentially leading to unauthorized access and code execution. id: CVE-2022-25226 info: name: ThinVNC - Authentication Bypass author: ritikchaddha severity: critical description: |...

10CVSS7.2AI score0.11027EPSS
Exploits2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.162 views

DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution

DotNetNuke DNN versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution. id: CVE-2017-9822 info: name: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution author: milo2012 severity: high description: DotNetNuke DNN...

8.8CVSS8.4AI score0.94789EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.161 views

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

9.8CVSS7.6AI score0.8883EPSS
Exploits11References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.161 views

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS7.8AI score0.99427EPSS
Exploits10References5
Nuclei
Nuclei
added yesterday160 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS7AI score0.20737EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago160 views

Microsoft Exchange Server SSRF Vulnerability

This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or...

9.8CVSS7.8AI score0.99999EPSS
Exploits67References5
Nuclei
Nuclei
added yesterday159 views

XWiki - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02048EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday159 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7.1AI score0.03757EPSS
Exploits1
Nuclei
Nuclei
added 2 days ago159 views

SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass

The SureTriggers- All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secretkey' value in the 'autheticateuser' function in all versions up to, and including, 1.0.78. Th...

8.1CVSS7.3AI score0.76126EPSS
Exploits8References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.159 views

PaperCut - Unauthenticated Remote Code Execution

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

9.8CVSS9.2AI score0.99999EPSS
Exploits24References5
Nuclei
Nuclei
added yesterday158 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago158 views

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS7.2AI score0.85247EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago158 views

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3CVSS6.2AI score0.81875EPSS
Exploits4References4
Total number of security vulnerabilities4139