4139 matches found
Grafana Post-Auth DuckDB - SQL Injection To File Read
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
Spring Cloud Config Server - Local File Inclusion
Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafte...
Rukovoditel <= 3.2.1 - Cross-Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
A directory traversal vulnerability in the Jimtawl comjimtawl component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. dot dot in the task parameter to index.php. id: CVE-2010-4769 info: name: Joomla! Component Jimtawl 1.0.2 - Local...
WordPress English Admin <1.5.2 - Open Redirect
WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admincustomlanguagereturnurl before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...
osCommerce 2.3.4.1 - Remote Code Execution
osCommerce Online Merchant 2.3.4.1 contains a remote code execution caused by insecure default configuration and missing authentication in the installer workflow, letting unauthenticated attackers execute arbitrary PHP code via install4.php, exploit requires accessible /install/ directory after...
ICTBroadcast - Command Injection
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting
The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...
Plone Docker - Host Header Injection
Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...
Give WP Plugin < 3.19.0 - Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr comjoomlaflickr component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1980 info: name: Joomla! Component...
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. id: CVE-2012-0901 info: name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting author: daffainfo...
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. id: CVE-2012-4768 info: name: WordPress Plugin Download Monitor 3.3.5.9 - Cross-Site...
Joomla! Component Matamko 1.01 - Local File Inclusion
A directory traversal vulnerability in the Matamko commatamko component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1495 info: name: Joomla! Component Matamko 1.01 - Local File Inclusion author: daffainfo...
Chyrp 2.x - Local File Inclusion
A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, a different vulnerability than CVE-2011-2744. id: CVE-2011-2780 info: name: Chyrp 2.x - Local File Inclusion author: daffainf...
PacsOne Server <7.1.1 - Cross-Site Scripting
PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting. id: CVE-2020-29164 info: name: PacsOne Server 7.1.1 - Cross-Site Scripting author: geeknik severity: medium description: PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting...
Jira Improper Authorization
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. id: CVE-2019-8446 info: name: Jira Improper Authorization author: dhiyaneshDk severity: medium description: The /rest/issueNav/1/issueTable...
Joomla! Harmis Messenger 1.2.2 - Local File Inclusion
Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...
Atlassian Jira Seraph - Authentication Bypass
Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also...
rConfig 3.9.6 - Local File Inclusion
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server. id: CVE-2021-29006 info: name: rConfig 3.9.6 - Local File Inclusion author: r3Y3r53 severity: medium description: | rConfig 3.9.6 is affected by a Local File...
WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...
WordPress CTHthemes - Cross-Site Scripting
WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query. id: CVE-2019-20210 info: name: WordPress CTHthemes - Cross-Site Scripting author: edoardottt severity: medium description: |...
Metinfo 7.0.0 beta - SQL Injection
Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter. id: CVE-2019-16996 info: name: Metinfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description:...
Prestashop Blockwishlist 2.1.0 SQL Injection
Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability. id: CVE-2022-31101 info: name: Prestashop Blockwishlist 2.1.0 SQL Injection author: mastercho severity: high description: | Prestashop Blockwishlist module version 2.1.0 suffers from a...
Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...
ChanCMS <= 3.3.0 - Server-Side Request Forgery
yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the "taskUrl" argument in /cms/collect/getArticle, letting remote attackers make arbitrary requests, exploit requires no special privileges. id: CVE-2025-10211 info: name: ChanCMS = 3.3.0 - Server-Side...
WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...
Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting
Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp login page. id: CVE-2018-10383 info: name: Lantronix SecureLinx Spider SLS 2.2+ - Cross-Site Scripting author: ritikchaddha severity: medium description: | Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp...
ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API
changedetection.io = 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction id: CVE-2025-62780 info: name: ChangeDetection.i...
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...
Aajoda Testimonials < 2.2.2 - Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...
WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting
WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affecte...
WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability
WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. id: CVE-2022-27849 info: name: WordPress Simple Ajax...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...
MLflow Job API - Authentication Bypass
MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...
Safe Editor Plugin < 1.2 - CSS/JS-injection
The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS. id: CVE-2016-10976 info: name: Safe Editor Plugin 1.2 - CSS/JS-injection author: Splint3r7 severity: medium description: | The safe-editor plugin before 1.2 for WordPress has no sesave authentication...
Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18562 info: name: Error Log Viewer by BestWebSoft 1.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS...
Cofax <=2.0RC3 - Cross-Site Scripting
Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. id: CVE-2005-4385 info: name: Cofax =2.0RC3 - Cross-Site Scripting author: geeknik severity: medium descriptio...
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...
Novius OS 5.0.1-elche - Open Redirect
Novius OS 5.0.1 Elche allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. id: CVE-2015-5354 info: name: Novius OS 5.0.1-elche - Open Redirect author: 0xAkoko severity: medium description: Novius OS...
WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...
Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting
The sender plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18564 info: name: Sender by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The sender plugin before 1.2.1 for WordPress has multiple XSS issues. impact: | Authenticat...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a sessionid cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. id: CVE-2016-7552...
Mlflow <2.8.0 - Local File Inclusion
Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2023-6977...
CirCarLife <4.3 - Improper Authentication
CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...
Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...
Joomla! Component Magic Updater - Local File Inclusion
A directory traversal vulnerability in the Magic Updater comjoomlaupdater component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1307 info: name: Joomla! Component Magic Updater - Local File Inclusion author:...
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...