Lucene search
K
NucleiMost viewed

4137 matches found

Nuclei
Nuclei
added 6 days ago15 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.7AI score0.8581EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

WSO2 Management Console - Authentication Bypass

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

5.3CVSS6.5AI score0.00811EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

10CVSS7.4AI score0.99614EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

5.3CVSS5.6AI score0.1107EPSS
Exploits0
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

AWStats <= 7.5 - Full Path Disclosure

AWStats 7.6 contains a full path disclosure caused by improper handling of framename and update parameters in awstats.pl, letting remote attackers determine server file paths, exploit requires sending crafted parameters. id: CVE-2018-10245 info: name: AWStats = 7.5 - Full Path Disclosure author:...

5.3CVSS6.9AI score0.01917EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Commvault Initial Administrator Login Process Vulnerability

An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...

5.4CVSS7.3AI score0.01104EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Traccar(Windows) 6.1- 6.8.1 - Local File Inclusion

Traccar 5.8-6.0 non-default installs with web.override set and 6.1-6.8.1 default installs contain a local file inclusion vulnerability caused by enabled web override configuration, letting unauthenticated attackers leak arbitrary files including passwords, exploit requires local access. id:...

8.7CVSS8.7AI score0.01196EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

N-central - Authentication Bypass

N-central 3 matchers-condition: and matchers: - type: word words: - "SessionID" - "sessionHelloResponse" condition: and - type: status...

6.9CVSS7AI score0.37335EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday14 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5CVSS7.2AI score0.15831EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday14 views

Cisco Finesse - Server-Side Request Forgery (SSRF)

Cisco Finesse contains an SSRF caused by insufficient validation of user-supplied input in HTTP requests, letting unauthenticated remote attackers access limited sensitive information, exploit requires sending crafted HTTP requests. id: CVE-2024-20404 info: name: Cisco Finesse - Server-Side Reque...

7.2CVSS7.1AI score0.231EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

ICTBroadcast - Command Injection

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...

9.3CVSS7.7AI score0.0604EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday14 views

Polyaxon - Unauthenticated Directory Traversal

Polyaxon latest version contains a path traversal caused by insufficient validation in directory access, letting unauthenticated attackers retrieve directory information and file contents, exploit requires no authentication. id: CVE-2024-9362 info: name: Polyaxon - Unauthenticated Directory...

7.5CVSS7AI score0.04245EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

8.8CVSS7.4AI score0.80188EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday14 views

WordPress 3D FlipBook <= 1.16.17 - Information Disclosure

WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...

5.3CVSS6AI score0.00892EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

Citrix SD-WAN and NetScaler SD-WAN - SQL Injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 contain an SQL injection vulnerability. An unauthenticated attacker can exploit improper validation of input in specific components, which could allow for execution of arbitrary SQL queries against the backend database...

9.8CVSS7.4AI score0.94046EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday14 views

ECT Home Page Products - Reflected XSS

ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday14 views

FatPipe WARP/IPVPN/MPVPN - Backdoor Account

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain an account named "cmuser" with administrative privileges and no password, letting attackers gain unauthorized admin access, exploit requires no authentication. id: CVE-2021-27856 info: name: FatPipe...

9.8CVSS7.2AI score0.05598EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday14 views

Zimbra - Cross-Site Scripting via ICS Files

Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...

5.4CVSS6.8AI score0.04241EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

9.8CVSS7.4AI score0.87565EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday14 views

NotificationX Dropshipping < 4.4 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection id: CVE-2022-3481 info: name: NotificationX Dropshipping 4.4 - SQL Injection author: ritikchaddha severity: critical...

9.8CVSS7.2AI score0.03686EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday14 views

NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. id: CVE-2024-46506 info: name:...

10CVSS7.1AI score0.62307EPSS
Exploits5
Nuclei
Nuclei
added yesterday14 views

Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. id: CVE-2020-115...

9.8CVSS7.3AI score0.09106EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday14 views

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

7.5CVSS7AI score0.08669EPSS
Exploits4References2
Nuclei
Nuclei
added yesterday14 views

VMware vRealize Log Insight < v8.10.2 - Information Disclosure

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. id: CVE-2022-31711 info: name: VMware vRealize Log Insight v8.10.2 - Information Disclosure author: DhiyaneshD...

5.3CVSS7AI score0.21657EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday14 views

WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. id: CVE-2019-17231 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Stored XSS author: daffainfo severity: medium description: | includes/theme-functions.php in the OneTone...

6.1CVSS6.4AI score0.01216EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7.1AI score0.05028EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday14 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.5AI score0.03559EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

iBuildApp WordPress plugin through 0.2.0 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13326 info:...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Yonyou YonBIP - Path Traversal

Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information. id: CVE-2025-66744 info: name: Yonyou YonBIP - Path Traversal author:...

7.5CVSS7.2AI score0.01446EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

Musicbox WordPress - Reflected XSS

contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13327 info:...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

7.5CVSS6.6AI score0.81814EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS5.9AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS6AI score0.01342EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.2AI score0.01668EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday14 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7.3AI score0.0692EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday14 views

LG LED Assistant - Thumbnail Path Traversal File Upload

A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed. id: CVE-2024-2863 info: name: LG LED Assistant - Thumbnail...

9.8CVSS6.1AI score0.66969EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

WordPress Backup Migration <= 1.3.6 - Path Traversal

WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in handledownloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration = 1.3.6 - Pat...

7.5CVSS7AI score0.02072EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday14 views

Vite Dev Server - Information Exposure

Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...

7.5CVSS7.1AI score0.03152EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection

Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...

8.6CVSS6.3AI score0.0156EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS5.9AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Dozzle - Server Side Request Forgery

Dozzle prior to 10.5.2 contains a server-side request forgery caused by unauthenticated access to POST /api/notifications/test-webhook forwarding attacker-controlled URLs, letting remote attackers send arbitrary HTTP POST requests and receive response data, exploit requires no authentication. id:...

8.6CVSS6.1AI score0.01491EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7.1AI score0.07696EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday14 views

Login Configurator <=2.1 - Cross-Site Scripting

Login Configurator WordPress plugin = 2.1 contains a reflected cross-site scripting caused by improper escaping of URL parameter before outputting it to the page, letting attackers execute scripts in the context of site administrators, exploit requires victim to visit a malicious URL. id:...

6.1CVSS6.7AI score0.00712EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday14 views

IceWarp Mail Server ≤11.4.0 - Open Redirect

IceWarp Mail Server version 11.4.0 and below contains an open redirect vulnerability that allows attackers to redirect users to arbitrary external domains through malicious URLs. id: CVE-2025-40630 info: name: IceWarp Mail Server ≤11.4.0 - Open Redirect author: DhiyaneshDK severity: medium...

6.1CVSS6AI score0.00425EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF)

OneNav v0.9.35-20240318 is vulnerable to server-side request forgery SSRF via the url parameter in the getlinkinfo API. An attacker can force the server to make arbitrary requests, potentially accessing internal resources. id: CVE-2024-33832 info: name: OneNav v0.9.35-20240318 - Server-Side Reque...

6.3CVSS6.1AI score0.0072EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

Zeroshell 3.9.3 - Command Injection

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. id: CVE-2020-29390 info: name: Zeroshell 3.9.3 - Command...

10CVSS7.3AI score0.36672EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

PHPSHE 1.7 - SQL Injection

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. id: CVE-2019-9762 info: name: PHPSHE 1.7 - SQL Injection author: DhiyaneshDK severity: critical description: | A SQL Injection was...

9.8CVSS7.3AI score0.05051EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

LabKey Server 19.1.0 - XML External Entity (XXE)

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. id: CVE-2019-9757 info: name: LabKey Server 19.1.0 - XML External Entity XXE author: ritikchaddha...

7.5CVSS7AI score0.37336EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

9.8CVSS6.5AI score0.09901EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...

9.8CVSS7.4AI score0.0955EPSS
Exploits1References3
Total number of security vulnerabilities4137