4139 matches found
MapTiler Tileserver-php v2.0 - Unauthenticated XSS
MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection of the GET parameter "layer" in an error message, letting unauthenticated attackers execute arbitrary script on victim browsers. id: CVE-2025-44136 info: name: MapTiler Tileserver-php v2.0 - Unauthenticated XSS...
Grafana - Exposes DingDing API Keys
An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight in versions below or equals to 12.0.1. id: CVE-2025-3415 info: name: Grafana - Exposes DingDing API Keys author: lucasribolli severity: medium description: | An inciden...
Netsweeper 4.0.3 - Cross-Site Scripting
A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...
LiteLLM - Arbitrary File Read
LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...
WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials an...
Apache2 - Transfer-Encoding Chunked XSS
Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
EasyCVR <=2.1.2 - Information Disclosure
A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit ha...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters. id: CVE-2018-20009 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD...
Icinga Web 2 - Arbitrary File Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. id: CVE-2022-24716 info:...
Quest KACE System Management Appliance 8.0.318 - Remote Code Execution
The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. id: CVE-2018-11138 info: name: Quest KACE System Management Appliance 8.0.318 - Remote Code Executi...
Cisco ISE - Remote Code Execution
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to...
Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure
The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wpajaxnoprivalmgetposts allows unauthenticated users to access non-public posts draft, private, pending, future, tras...
WordPress <= 6.2 - Server Side Request Forgery
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. id: CVE-2022-3590 info: name: WordPress = 6.2 - Server Side...
Piano LED Visualizer 1.3 - Local File Inclusion
Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. id: CVE-2022-24900 info: name: Piano LED Visualizer 1.3 - Local File Inclusion author: 0xAkoko severity: high description: | Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. impact: | An attacker...
Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page. id: CVE-2021-24495 info: name: Wordpress Marmoset Viewer 1.9.3 - Cross-Site Scripting author:...
WordPress Integrator 1.32 - Cross-Site Scripting
A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...
WordPress Easy Student Results <=2.2.8 - Improper Authorization
WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...
Joomla! Component LoginBox - Local File Inclusion
A directory traversal vulnerability in the LoginBox Pro comloginbox component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1353 info: name: Joomla! Component LoginBox - Local File Inclusion author: daffainfo severity...
Joomla! Component Picasa 2.0 - Local File Inclusion
A directory traversal vulnerability in the Picasa comjoomlapicasa2 component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1306 info: name: Joomla! Component Picasa 2.0 - Local File Inclusion...
Joomla! Component JRadio - Local File Inclusion
A directory traversal vulnerability in JRadio comjradio component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-4719 info: name: Joomla! Component JRadio - Local File Inclusion...
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...
Joomla! Component ZiMBCore 0.1 - Local File Inclusion
A directory traversal vulnerability in the ZiMB Core aka ZiMBCore or comzimbcore component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id:...
Enigma NMS < 65.0.0 - Authenticated OS Command Injection
An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...
Cockpit < 2.4.1 - Arbitrary File Upload
Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extensions to bypass the upload filter. id: CVE-2025-1025 info: name: Cockpit 2.4.1 - Arbitrary File Upload author: iamnoooob,rootxharsh,pdresearch severity: high...
IP2Location Country Blocker < 2.38.9 - Unauthenticated Information Disclosure
IP2Location Country Blocker plugin for WordPress up to version 2.38.8 contains a regular information exposure caused by missing capability checks on admininit, letting unauthenticated attackers view plugin settings, exploit requires no special conditions. id: CVE-2025-1361 info: name: IP2Location...
AdPush < 1.44 - Cross-Site Scripting
The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multiple XSS issues. id: CVE-2017-18487 info: name: AdPush 1.44 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multip...
Prime Mover < 1.9.3 - Sensitive Data Exposure
Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...
Woo Inquiry <= 0.1 - SQL Injection
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...
Joomla! Component Canteen 1.0 - Local File Inclusion
A SQL injection vulnerability in menu.php in the Canteen comcanteen component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. id: CVE-2010-4977 info: name: Joomla! Component Canteen 1.0 - Local File Inclusion author: daffainfo...
WebGlimpse 2.18.7 - Directory Traversal
A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the DOC parameter. id: CVE-2009-5114 info: name: WebGlimpse 2.18.7 - Directory Traversal author: daffainfo severity: medium description: A...
Cockpit - Cross-Site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. id: CVE-2023-4451 info: name: Cockpit - Cross-Site Scripting author: iamnoooob,pdresearch severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior...
LearnPress < 4.3.2 - Broken Access Control
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...
Apache Unomi <1.5.2 - Remote Code Execution
Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...
Microweber < V.2.0 - Cross-Site Scripting
Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editortools/rteimageeditor endpoint. id: CVE-2023-5244 info: name: Microweber V.2.0 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Reflected Cross-Site Scripting Vulnerability in types GET paramete...
IceWarp Webmail Server v10.2.1 - Cross Site Scripting
Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-37728 info: name: IceWarp Webmail Server v10.2.1 - Cross Site Scripting author: technicaljunkie,r3Y3r53 severity: medium description: | Icewarp Icearp v10.2.1 was...
Swim Team <= v1.44.10777 - Local File Inclusion
The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system. id: CVE-2015-5471 info: name: Swim Team = v1.44.10777 - Local File Inclusion author: 0xAkoko severity: medium description: The program...
LolLMS < 2.2.0 - Server-Side Request Forgery
A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...
WordPress Plugin Tera Charts - Local File Inclusion
Multiple local file inclusion vulnerabilities in Tera Charts tera-charts plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the fn parameter to 1 charts/treemap.php or 2 charts/zoomabletreemap.php. id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts...
XXL-JOB v2.2.0 — Stored Cross Site Scripting
Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file. id: CVE-2020-23814 info: name: XXL-JOB v2.2.0 — Stored Cross Site Scripting author:...
AudioCodes 420HD - Remote Code Execution
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution. id: CVE-2018-10093 info: name: AudioCodes 420HD - Remote Code Execution author: wisnupramoedya severity: high description: | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow...
Open Web Analytics 1.7.3 - Remote Code Execution
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
QNAP Photo Station - Path Traversal
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. id: CVE-2019-7195 info: name: QNAP Photo Station - Path Traversal author: s4e-io severity: critical description: | QNAP devices running Pho...
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...
LiteLLM - SQL Injection
LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...
Majordomo2 - SMTP/HTTP Directory Traversal
A directory traversal vulnerability in the listfileget function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. dot dot sequences in the help command, as demonstrated using 1 a crafted email and 2 cgi-bin/mjwwwusr in the web interface. id:...
Windows Server Update Service - Insecure Deserialization
Windows Server Update Service contains an insecure deserialization vulnerability caused by deserialization of untrusted data. An unauthorized attacker with network access can exploit this to execute arbitrary code remotely, potentially leading to full system compromise. id: CVE-2025-59287 info:...
ZTE ZXHN-F660T/F660A - Default Credentials
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. id: CVE-2025-53558 info: name: ZTE ZXHN-F660T/F660A - Default Credentials author: DhiyaneshDK severity: high...