Lucene search
K
NucleiMost viewed

4137 matches found

Nuclei
Nuclei
added yesterday15 views

LearnPress < 4.2.7.4 - Course Material - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...

5.3CVSS7.2AI score0.01131EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday15 views

LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS6.2AI score0.00914EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday15 views

YesWiki < 4.5.4 - Cross-Site Scripting

YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...

6.1CVSS5.8AI score0.00498EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday15 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7.3AI score0.79807EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday15 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS5.9AI score0.00599EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday15 views

FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection

FreePBX Endpoint Manager 17.0.2.36 to = 17.0.2.36 && 17.0.3 - Authenticated Command Injection author: th3y severity: critical description: | FreePBX Endpoint Manager 17.0.2.36 to 17.0.3 contains a command injection caused by improper sanitization in filestore module's testconnection checksshconne...

8.6CVSS7.3AI score0.84618EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday15 views

Casdoor - Authorization Bypass

Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...

7.5CVSS7AI score0.01813EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS6AI score0.02095EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday15 views

WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update

Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...

5.3CVSS6AI score0.00654EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

Episerver 7 - Blind XML External Entity Injection

Episerver 7 patch 4 and earlier contains an XML external entity XXE caused by processing crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files, exploit requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...

7.5CVSS7.2AI score0.04648EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday15 views

Datart v1.0.0-rc.3 - Remote Code Execution

Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters. id: CVE-2025-56819 info: name: Datart v1.0.0-rc.3 - Remote Code Execution author: Redmomn severity: critical description: | Datart v1.0.0-rc.3 contains a vulnerabilit...

9.8CVSS6.4AI score0.03008EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

Symfony HttpFoundation - Access Control Bypass via PATH_INFO

Symfony HttpFoundation component = 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATHINFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...

7.3CVSS7.1AI score0.01326EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday15 views

Langflow - Broken Access Control

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS7.2AI score0.20655EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday15 views

WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection

CBX Bookmark & Favorite WordPress plugin = 2.0.4 contains a SQL injection caused by insufficient escaping of the 'orderby' parameter, letting authenticated attackers with Subscriber-level access extract sensitive database information id: CVE-2025-13652 info: name: WordPress CBX Bookmark & Favorit...

6.5CVSS6AI score0.01077EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

Bitrix Site Management 2.x - Open Redirect

Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters. id: CVE-2008-2052 info: name: Bitrix Site Management 2.x - Open Redirect author: pikpikcu,gtrrnr,liangtovi-debug severity: medium...

6.1CVSS6.5AI score0.01568EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

WordPress FluentCRM <= 2.9.87 - Unauthenticated Blind SSRF

FluentCRM WordPress plugin = 2.9.87 contains a blind server-side request forgery caused by improper validation of the 'SubscribeURL' parameter, letting unauthenticated attackers make arbitrary web requests, exploit requires unconfigured SES bounce handling key. id: CVE-2026-7798 info: name:...

5.4CVSS6AI score0.00645EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6.1AI score0.01623EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday15 views

Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read

An arbitrary file read vulnerability, also known as a "path traversal" or "directory traversal" vulnerability, occurs when an attacker is able to access files on a system that they shouldn't have access to. This vulnerability arises from improper input validation or insufficient access controls i...

8.7CVSS7.4AI score0.02004EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS5.9AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added yesterday15 views

10Web Photo Gallery < 1.5.55 - SQL Injection

WordPress plugin 10Web Photo Gallery versions before 1.5.55 contains a SQL injection caused by unvalidated input in the 'bwgsearchx' parameter in frontend/models/model.php, letting attackers execute arbitrary SQL commands, exploit requires attacker to control the 'bwgsearchx' parameter. id:...

9.8CVSS7.4AI score0.05418EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday15 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS6.3AI score0.06199EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday15 views

WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through 1.0 id: CVE-2025-49029 info: name: WordPress Custom Login And Signup Widget Plugin = 1.0 -...

9.1CVSS5.9AI score0.02122EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

ETQ Reliance - Reflected XSS via SQLConverterServlet

A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...

5.1CVSS6.1AI score0.01907EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting

The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'order' parameter in the import page before outputting it back, which could allow attackers to execute arbitrary JavaScript cod...

7.1CVSS7.3AI score0.00654EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday15 views

GeoServer - Missing Authorization on REST API Index

GeoServer contains a missing authorization vulnerability that allows unauthorized access to the REST API Index page, potentially exposing sensitive configuration information. id: CVE-2025-27505 info: name: GeoServer - Missing Authorization on REST API Index author: securitytaters severity: medium...

5.3CVSS5.9AI score0.01022EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting

WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $SERVER'PHPSELF' in the /skaut-bazar.php file, which allows attackers to inject arbitrary web scripts. id: CVE-2021-34643 info: name: WordPress Skaut Bazar 1.3.3 - Cross-Site...

6.1CVSS6.4AI score0.02446EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday15 views

PublishPress Capabilities < 2.3.1 - Missing Authorization

The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...

9.8CVSS7.3AI score0.06745EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday15 views

SearchBlox <9.2.2 - Local File Inclusion

SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the...

7.5CVSS7.1AI score0.13975EPSS
Exploits1References5
Nuclei
Nuclei
added 5 days ago15 views

Zimbra Collaboration Suite - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...

7.5CVSS7.1AI score0.80906EPSS
Exploits10References5
Nuclei
Nuclei
added 6 days ago15 views

SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation

SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security = 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...

9.8CVSS7.6AI score0.83425EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago15 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.7AI score0.8581EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/06/25 5:45 a.m.15 views

Gladinet CentreStack & TrioFox - Local File Inclusion

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

7.5CVSS6AI score0.92094EPSS
Exploits4References4
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.15 views

AnythingLLM - Information Disclosure

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

WSO2 Management Console - Authentication Bypass

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

5.3CVSS6.5AI score0.00811EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

10CVSS7.4AI score0.99614EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

5.3CVSS5.6AI score0.1107EPSS
Exploits0
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

AC Smart II - Authentication Bypass

AC Smart II contains an authentication bypass caused by a hidden password reset form that can be manipulated to change the administrator password without verifying login or permissions, letting attackers change admin passwords without authorization. id: CVE-2025-10204 info: name: AC Smart II -...

7.1CVSS7.1AI score0.00451EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

AWStats <= 7.5 - Full Path Disclosure

AWStats 7.6 contains a full path disclosure caused by improper handling of framename and update parameters in awstats.pl, letting remote attackers determine server file paths, exploit requires sending crafted parameters. id: CVE-2018-10245 info: name: AWStats = 7.5 - Full Path Disclosure author:...

5.3CVSS6.9AI score0.01917EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Commvault Initial Administrator Login Process Vulnerability

An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...

5.4CVSS7.3AI score0.01104EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Traccar(Windows) 6.1- 6.8.1 - Local File Inclusion

Traccar 5.8-6.0 non-default installs with web.override set and 6.1-6.8.1 default installs contain a local file inclusion vulnerability caused by enabled web override configuration, letting unauthenticated attackers leak arbitrary files including passwords, exploit requires local access. id:...

8.7CVSS8.7AI score0.01196EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

N-central - Authentication Bypass

N-central 3 matchers-condition: and matchers: - type: word words: - "SessionID" - "sessionHelloResponse" condition: and - type: status...

6.9CVSS7AI score0.37335EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday14 views

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

5.4CVSS6.8AI score0.04132EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday14 views

Cisco Finesse - Server-Side Request Forgery (SSRF)

Cisco Finesse contains an SSRF caused by insufficient validation of user-supplied input in HTTP requests, letting unauthenticated remote attackers access limited sensitive information, exploit requires sending crafted HTTP requests. id: CVE-2024-20404 info: name: Cisco Finesse - Server-Side Reque...

7.2CVSS7.1AI score0.231EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Polyaxon - Unauthenticated Directory Traversal

Polyaxon latest version contains a path traversal caused by insufficient validation in directory access, letting unauthenticated attackers retrieve directory information and file contents, exploit requires no authentication. id: CVE-2024-9362 info: name: Polyaxon - Unauthenticated Directory...

7.5CVSS7AI score0.04245EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

8.8CVSS7.4AI score0.80188EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday14 views

TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal

TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise = 7.10.4.0 - Admin Conta...

7.5CVSS5.9AI score0.17601EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

FatPipe WARP/IPVPN/MPVPN - Backdoor Account

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain an account named "cmuser" with administrative privileges and no password, letting attackers gain unauthorized admin access, exploit requires no authentication. id: CVE-2021-27856 info: name: FatPipe...

9.8CVSS7.2AI score0.05598EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday14 views

Zimbra - Cross-Site Scripting via ICS Files

Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...

5.4CVSS6.8AI score0.04241EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

9.8CVSS7.4AI score0.87565EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday14 views

NotificationX Dropshipping < 4.4 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection id: CVE-2022-3481 info: name: NotificationX Dropshipping 4.4 - SQL Injection author: ritikchaddha severity: critical...

9.8CVSS7.2AI score0.03686EPSS
Exploits2References2
Total number of security vulnerabilities4137