Lucene search
K
NucleiMost viewed

4137 matches found

Nuclei
Nuclei
added yesterday23 views

GamiPress <= 2.8.9 - SQL Injection

GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insufficient sanitization of user input, allowing attackers to execute arbitrary SQL commands. id: CVE-2024-13496 info: name: GamiPress = 2.8.9 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7.5AI score0.02168EPSS
Exploits0References2
Nuclei
Nuclei
added 5 days ago23 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.4AI score0.50694EPSS
Exploits5References4
Nuclei
Nuclei
added 5 days ago23 views

Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

7.5CVSS7.2AI score0.47137EPSS
Exploits1References4
Nuclei
Nuclei
added 5 days ago23 views

Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion 1.9.0 - Unauthenticated Plugi...

9.8CVSS7.5AI score0.54754EPSS
Exploits5References4
Nuclei
Nuclei
added 5 days ago23 views

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

9.8CVSS7.5AI score0.65342EPSS
Exploits1References7
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.23 views

Adobe Commerce (Magento) - Remote Code Execution

Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...

10CVSS7.8AI score0.99199EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday22 views

Themes Coder Ecommerce <= 1.3.4 - SQL Injection

The Themes Coder Ecommerce WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-13726 info: name: Themes Coder Ecommerce = 1.3.4 - SQL...

8.6CVSS7.2AI score0.01909EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS6AI score0.02101EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday22 views

Quest KACE SMA /common/run_cross_report.php 'fmt' XSS

The 'fmt' parameter of the '/common/runcrossreport.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. id: CVE-2018-11133 info: name: Quest KACE SMA /common/runcrossreport.php 'fmt' XSS author: iamnoooob,pdresearch severity: medium...

6.1CVSS6.6AI score0.07271EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday22 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9CVSS5.9AI score0.05597EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday22 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday22 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS7.8AI score0.02207EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday22 views

Arcserve UDP <= 9.0.6034 - Authentication Bypass

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...

9.8CVSS7.2AI score0.37715EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday22 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...

5.3CVSS6.5AI score0.18832EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday22 views

OpenMetaData - SpEL Injection in PUT /api/v1/policies

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS7.4AI score0.12527EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday22 views

SAP Solution Manager - Open Redirect

SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-26836 info: name: SAP Solution Manager - Open...

6.1CVSS6.2AI score0.02338EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday22 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS5.9AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday22 views

UserPro <= 5.1.1 - Authentication Bypass

The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userprofbconnect AJAX action. id: CVE-2023-2437 info: name: UserPro = 5.1.1 - Authentication Bypass author: intelligent-ears severity: critical description: | The UserPro plugin for WordPress through 5.1.1 allows...

9.8CVSS7.2AI score0.06801EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday22 views

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

9.8CVSS7.2AI score0.0293EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday22 views

Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)

Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...

5.8CVSS6.2AI score0.02698EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday22 views

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

7.5CVSS5.9AI score0.0239EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday22 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.5AI score0.01765EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday22 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03643EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers, exploit requires sending crafted requests. id: CVE-2024-3231 info: name: Popup4Phone = 1.3.2 - Unauthenticated...

6.1CVSS5.8AI score0.00684EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday22 views

SiYuan Note <= 3.6.5 - Authentication Bypass

SiYuan Note 3.6.5 and prior is vulnerable to authentication bypass. The CheckAuth middleware unconditionally trusted all chrome-extension:// origins, granting RoleAdministrator access without token validation to any request with a spoofed Origin header. Fixed in v3.7.0. id: CVE-2026-54069 info:...

9.2CVSS6AI score0.00607EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday22 views

wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

7.5CVSS6AI score0.01727EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2024-7354 info: name: Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting...

6.1CVSS5.9AI score0.00662EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

Navidrome < 0.53.0 - Authenticated SQL Injection

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...

9.4CVSS7.3AI score0.04457EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday22 views

CyberPanel v2.3.6 Pre-Auth Remote Code Execution

upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...

10CVSS7.7AI score0.86725EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday22 views

SugarCRM Unauthenticated - Remote Code Execution

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. id: CVE-2023-22952 info: name: SugarCRM Unauthenticated - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: high description: |...

8.8CVSS7.4AI score0.80274EPSS
Exploits4References1
Nuclei
Nuclei
added yesterday22 views

Roxy-WI - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcert parameter without proper input validation in the /app/options.py file, allowing attackers to inject arbitrary OS commands. id: CVE-2022-31161 info: name: Roxy-WI - Remote Code...

10CVSS7.7AI score0.90387EPSS
Exploits15References3
Nuclei
Nuclei
added yesterday22 views

Piwigo - Cross-Site Scripting

Piwigo is vulnerable to a reflected XSS in the admin panel where the pluginid parameter is not properly sanitized. id: CVE-2023-44393 info: name: Piwigo - Cross-Site Scripting author: ritikchaddha severity: medium description: | Piwigo is vulnerable to a reflected XSS in the admin panel where the...

9.3CVSS6.4AI score0.01277EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

Timesheet Plugin < 0.1.5 - Cross-Site Scripting

The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. id: CVE-2017-18590 info: name: Timesheet Plugin 0.1.5 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. impact: | Authenticated...

6.1CVSS6.4AI score0.01404EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday22 views

CyberPower < v2.8.3 - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32739 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/ndconfig?mode=&uid=1'%20UNION%20select%201,2,3,sqliteversion;--"...

7.5CVSS6AI score0.05408EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday22 views

WordPress Customize Login Image <3.5.3 - Cross-Site Scripting

WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-33851 info: name: WordPress Customi...

5.4CVSS6AI score0.01318EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting

SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters. id: CVE-2021-31537 info: name: SIS Informatik REWE ...

6.1CVSS6.3AI score0.07781EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday22 views

TileServer GL <=3.0.0 - Cross-Site Scripting

TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page. id: CVE-2020-15500 info: name: TileServer GL =3.0.0 - Cross-Site Scripting author:...

6.1CVSS6.3AI score0.12224EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday22 views

Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18542 info: name: Zendesk Help Center by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The zendesk-help-center plugin before 1.0.5 for WordPress has...

6.1CVSS6.4AI score0.01388EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday22 views

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

6.1CVSS6.3AI score0.03462EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday22 views

WeiPHP 5.0 - SQL Injection

WeiPHP 5.0 contains a SQL injection vulnerability via the wpwhere function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-20300 info: name: WeiPHP 5.0 - SQL...

9.8CVSS7.3AI score0.08752EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Vite Development Server - Path Traversal

Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files. id: CVE-2025-31125 info: name: Vite Development Server...

7.5CVSS6.6AI score0.58765EPSS
Exploits9References4
Nuclei
Nuclei
added yesterday22 views

WordPress Cab fare calculator < 1.0.4 - Local File Inclusion

The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. id: CVE-2022-1391 info: name: WordPress Cab fare calculator 1.0.4 - Local File Inclusion author: Splint3r7...

9.8CVSS7.2AI score0.13592EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday22 views

WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting

WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page. id: CVE-2021-24335 info: name: WordPress Car Repair Services & Auto Mechanic Them...

6.1CVSS6.3AI score0.03884EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday22 views

Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion

Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the...

7.5CVSS7AI score0.05879EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

WP Triggers Lite - Cross-Site Scripting

WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7.1AI score0.00555EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

9.8CVSS6.3AI score0.03054EPSS
Exploits2References2
Nuclei
Nuclei
added 5 days ago22 views

UniFi Access - Broken Access Control

UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication caused by misconfiguration exposing management API without proper authentication, letting attackers on management network access management functions, exploit requires network access. id: CVE-2025-52665 info: name:...

10CVSS7.4AI score0.40972EPSS
Exploits0References3
Nuclei
Nuclei
added 5 days ago22 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
Nuclei
Nuclei
added 5 days ago22 views

rConfig 3.9.4 - Cross-Site Scripting

The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in deviceId GET parameter of devicemgmnt.php resulting in...

5.4CVSS6.4AI score0.92797EPSS
Exploits1References5
Nuclei
Nuclei
added 5 days ago22 views

Atlassian Confluence < 5.8.6 - Server-Side Request Forgery

Confluence Server and Data Center before 5.8.6 contain a blind server-side request forgery caused by the WidgetConnector plugin, letting remote attackers manipulate internal network resources, exploit requires network access to the server. id: CVE-2021-26072 info: name: Atlassian Confluence 5.8.6...

4.3CVSS6AI score0.38845EPSS
Exploits0References4
Total number of security vulnerabilities4137