Lucene search
K
NucleiMost viewed

4136 matches found

Nuclei
Nuclei
added 20 hours ago122 views

Langflow AI <= 1.6.9 - CORS Misconfiguration

Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...

9.4CVSS8AI score0.7889EPSS
Exploits3References3
Nuclei
Nuclei
added 20 hours ago121 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.5AI score0.03452EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago121 views

ECTouch v2 - SQL Injection

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...

9.8CVSS7.2AI score0.04109EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago121 views

Dreambox WebControl 2.0.0 - Cross-Site Scripting

Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. id: CVE-2017-15287 info: name: Dreambox WebControl 2.0.0 - Cross-Site Scripting author:...

6.1CVSS6.3AI score0.05568EPSS
Exploits5References4
Nuclei
Nuclei
added 20 hours ago121 views

H2O ImportFiles - Local File Inclusion

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. id: CVE-2023-6038 info: name: H2O ImportFiles - Local File Inclusion author: danmcinerney,byt3bl33d3r severity: high description: | An attacker is able to read any file on the server hosting t...

9.3CVSS7.2AI score0.0434EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago121 views

Dolibarr ERP CMS `list.php` - SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. id: CVE-2024-5315 info: name: Dolibarr ERP CMS list.php - SQL Injection author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0....

9.1CVSS7.2AI score0.32872EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday121 views

AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure

AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldavpublicuser@localhost” and it’s the predefined password “caldavpublicuser” allows the attacker to read all fil...

7.5CVSS7.1AI score0.17345EPSS
Exploits2References5
Nuclei
Nuclei
added 6 days ago121 views

WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. i...

9.8CVSS7.3AI score0.90339EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.121 views

Apache Superset - Authentication Bypass

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS7.4AI score0.97405EPSS
Exploits20References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.121 views

Apache 2.4.49 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed...

9.8CVSS8.1AI score0.99992EPSS
Exploits148References6
Nuclei
Nuclei
added 20 hours ago120 views

CData Connect < 23.4.8846 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31849 info: name: CData Connect 23.4.8846...

9.8CVSS7.2AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago120 views

Ruby On Rails - Local File Inclusion

Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...

7.5CVSS7.2AI score0.26717EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago120 views

GenieACS => 1.2.8 - OS Command Injection

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check. id: CVE-2021-46704 info:...

9.8CVSS7.2AI score0.21901EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago120 views

PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection

PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. id: CVE-2023-30150 info: name: PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection author: mastercho severity: critical description: | PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerab...

9.8CVSS7.3AI score0.03849EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago120 views

MODx manager - Local File Inclusion

A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. dot dot in the classkey parameter when magicquotesgpc is disabled. id: CVE-2010-5278 info: name: MODx manag...

4.3CVSS6.1AI score0.17028EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago120 views

Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

10CVSS6AI score0.56209EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.120 views

Fortra GoAnywhere MFT - Remote Code Execution

Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet. id: CVE-2023-0669 info: name: Fortra GoAnywhere MFT - Remote...

7.2CVSS8.9AI score0.99999EPSS
Exploits12References5
Nuclei
Nuclei
added 20 hours ago119 views

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...

9.8CVSS7.4AI score0.03848EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago119 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection

The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can...

4.3CVSS6.3AI score0.06079EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago119 views

HP System Management Homepage (SMH) v2.x.x.x - Open Redirect

Open redirect vulnerability in red2301.html in HP System Management Homepage SMH 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. id: CVE-2010-1586 info: name: HP System Management Homepage SMH v2.x.x.x - Open...

4.3CVSS6.1AI score0.09659EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago119 views

ECShop 4.1.0 - SQL Injection

ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. id: CVE-2021-41460 info: name: ECShop 4.1.0 - SQL Injection author: SleepingBag945 severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited ...

7.5CVSS7.1AI score0.06788EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago119 views

Cute Editor for ASP.NET 6.4 - Cross-Site Scripting

Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

6.1CVSS6.4AI score0.02932EPSS
Exploits1References3
Nuclei
Nuclei
added 3 days ago119 views

Essential Blocks < 4.4.3 - Local File Inclusion

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...

9.8CVSS7.2AI score0.50673EPSS
Exploits2References3
Nuclei
Nuclei
added 3 days ago119 views

Nacos <1.4.1 - Authentication Bypass

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...

8.6CVSS7AI score0.64697EPSS
Exploits2References5
Nuclei
Nuclei
added 5 days ago119 views

Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances ASA web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will not reload, but an attacker...

7.5CVSS7.2AI score0.99903EPSS
Exploits18References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.119 views

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
added 20 hours ago118 views

RaidenMAILD Mail Server v.4.9.4 - Path Traversal

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. id: CVE-2024-32399 info: name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal author: DhiyaneshDK severity: high description: |...

7.6CVSS7.2AI score0.0316EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago118 views

TOTOLINK Realtek SD Routers - Remote Command Injection

TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...

9CVSS7.4AI score0.25135EPSS
Exploits3References5
Nuclei
Nuclei
added 20 hours ago118 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

7.5CVSS7.2AI score0.03551EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago118 views

Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3822 info: name: Base64 Encoder/Decode...

4.8CVSS5.9AI score0.00741EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago118 views

WordPress Google Maps <7.11.18 - SQL Injection

WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute...

9.8CVSS7.3AI score0.78699EPSS
Exploits6References5
Nuclei
Nuclei
added 3 days ago118 views

GeoServer WPS - Server Side Request Forgery

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

9.8CVSS7.1AI score0.67715EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/06/29 5:52 a.m.118 views

Apache Struts2 S2-057 - Remote Code Execution

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS8AI score0.99993EPSS
Exploits41References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.118 views

Sonatype Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection id: CVE-2020-10199 info: name: Sonatype Nexus Repository Manager 3 - Remote Code Execution author: rootxharsh,iamnoooob,pdresearch severity: high description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection impact: |...

9CVSS7.3AI score0.99064EPSS
Exploits10References5
Nuclei
Nuclei
added 2025/03/28 10:17 a.m.118 views

CrushFTP - Authentication Bypass

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-2825 info: name: CrushFTP - Authenticatio...

9.8CVSS7.4AI score0.99621EPSS
Exploits66References4
Nuclei
Nuclei
added 20 hours ago117 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS7.5AI score0.97405EPSS
Exploits21References5
Nuclei
Nuclei
added 20 hours ago117 views

BigAnt Server 5.6.06 - Improper Access Control

BigAnt Server 5.6.06 is susceptible to improper access control. The software utililizes weak password hashes. An attacker can craft a password hash and thereby possibly possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-23348 info: name: BigAn...

5.3CVSS6.2AI score0.03379EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago117 views

TOTOLINK A3700R - Command Injection

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in...

9.8CVSS7.6AI score0.65412EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday117 views

NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read

NAKIVO Backup & Replication is a data protection solution used for backing up and restoring virtualized and physical environments. A vulnerability has been identified in certain versions of NAKIVO Backup & Replication that allows an unauthenticated attacker to read arbitrary files on the underlyi...

8.6CVSS7.3AI score0.9408EPSS
Exploits2References1
Nuclei
Nuclei
added 2 days ago117 views

Emby < 4.5.0 - Server Server-Side Request Forgery

Emby Server before 4.5.0 allows server-side request forgery SSRF via the Items/RemoteSearch/Image ImageURL parameter. id: CVE-2020-26948 info: name: Emby 4.5.0 - Server Server-Side Request Forgery author: dwisiswant0 severity: critical description: | Emby Server before 4.5.0 allows server-side...

9.8CVSS7.2AI score0.87154EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago117 views

Viessmann Vitogate 300 - Hardcoded Password

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha severity: critical description: | A critica...

9.8CVSS6.7AI score0.74697EPSS
Exploits4References3
Nuclei
Nuclei
added 3 days ago117 views

WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. id: CVE-2023-32243 info: name: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset author:...

9.8CVSS7.4AI score0.75946EPSS
Exploits8References5
Nuclei
Nuclei
added 5 days ago117 views

XWiki < 4.10.15 - Sensitive Information Disclosure

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...

7.5CVSS7AI score0.83548EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.117 views

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

9.8CVSS7.2AI score0.99997EPSS
Exploits8References5
Nuclei
Nuclei
added 20 hours ago116 views

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...

8.2CVSS7.3AI score0.11595EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago116 views

Frigate < 0.13.0 Beta 3 - Cross-Site Scripting

Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...

4.7CVSS6.1AI score0.01425EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.116 views

Oracle WebLogic Server - Remote Command Execution

Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See...

10CVSS7.9AI score0.99997EPSS
Exploits43References5
Nuclei
Nuclei
added 20 hours ago115 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.5AI score0.04055EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago115 views

Carel pCOWeb <B1.2.4 - Cross-Site Scripting

Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pwsnmp.html "System contact" field. id: CVE-2019-11370 info: name: Carel pCOWeb B1.2.4 - Cross-Site Scripting author: arafatansari severity: medium description: | Carel pCOWeb prior to B1.2.4 ...

5.4CVSS6AI score0.03977EPSS
Exploits1References4
Nuclei
Nuclei
added 20 hours ago115 views

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS6AI score0.02991EPSS
Exploits4References3
Total number of security vulnerabilities4136