Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
added 9 hours ago48 views

DocsGPT - Unauthenticated Remote Code Execution

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...

9.3CVSS7.2AI score0.15099EPSS
Exploits3References3
Nuclei
Nuclei
added 9 hours ago59 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS7.2AI score0.02145EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
Nuclei
Nuclei
added 9 hours ago26 views

74cmsSE v3.4.1 - Arbitrary File Read

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. id: CVE-2022-26271 info: name: 74cmsSE v3.4.1 - Arbitrary File Read author: ritikchaddha severity: high description: | 74cmsSE v3.4.1 was discovered to contain a...

7.5CVSS7AI score0.04633EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago17 views

phpMyFAQ < 3.1.8 - Cross-Site Scripting

phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search functionality. The application fails to properly sanitize user input in the search parameter, allowing attackers to inject and execute malicious JavaScript code in the context of other users'...

7.3CVSS6.8AI score0.05743EPSS
Exploits3References3
Nuclei
Nuclei
added 9 hours ago82 views

Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForSingleFile endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC...

9.8CVSS7.2AI score0.88518EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago26 views

KLog Server - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.This issue affects KLog Server: before 3.1.1. id: CVE-2025-1035 info: name: KLog Server - Path Traversal author: s4e-io...

5.7CVSS6.1AI score0.09676EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago216 views

Vitest Browser Mode - Local File Read

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host- true, an attacker can send a request to that handler from remote to get th...

7.5CVSS6.8AI score0.02317EPSS
Exploits0References6
Nuclei
Nuclei
added 9 hours ago24 views

Themes Coder Ecommerce <= 1.3.4 - SQL Injection

The Themes Coder Ecommerce WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-13726 info: name: Themes Coder Ecommerce = 1.3.4 - SQL...

8.6CVSS7.1AI score0.01909EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago178 views

ThinVNC - Authentication Bypass

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via a specific command, potentially leading to unauthorized access and code execution. id: CVE-2022-25226 info: name: ThinVNC - Authentication Bypass author: ritikchaddha severity: critical description: |...

10CVSS7.1AI score0.11027EPSS
Exploits2
Nuclei
Nuclei
added 9 hours ago61 views

XWiki Platform - Unauthorized Document History Access

A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...

5.3CVSS6.1AI score0.03417EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago159 views

SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass

The SureTriggers- All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secretkey' value in the 'autheticateuser' function in all versions up to, and including, 1.0.78. Th...

8.1CVSS7.1AI score0.7568EPSS
Exploits8References4
Nuclei
Nuclei
added 9 hours ago84 views

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...

9.8CVSS7.1AI score0.07866EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago41 views

INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/exportsettings.sh endpoint. id: CVE-2020-24285 info: name: INTELBRAS...

7.5CVSS7AI score0.04497EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago71 views

InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

9.8CVSS6.2AI score0.05747EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago30 views

openSIS v9.0 - Path Traversal

A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths. id: CVE-2023-38879 info: name: openSIS v9.0 -...

7.5CVSS7.1AI score0.03663EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago103 views

MagnusBilling Alarm Module - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling Alarm Module modules allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling-...

7.6CVSS5.8AI score0.00888EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago33 views

LearnPress < 4.2.7.1 - SQL Injection

The LearnPress WordPress LMS Plugin before 4.2.7.1 is vulnerable to unauthenticated SQL injection via the 'cfields' parameter in the /wp-json/lp/v1/courses/archive-course REST API endpoint, allowing attackers to extract sensitive information from the database. id: CVE-2024-8529 info: name:...

10CVSS6.1AI score0.11831EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago15 views

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...

9.8CVSS7.2AI score0.0955EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago57 views

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

8.2CVSS6AI score0.01089EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago98 views

IdeaCMS <= 1.7 - SQL Injection

IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability. id: CVE-2025-5569 info: name: IdeaCMS = 1.7 - SQL Injection author: ritikchaddha severity: critical...

8.8CVSS6.6AI score0.01269EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago49 views

TotoLink Router setMacFilterRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. id: CVE-2024-24328 info: name: TotoLink Router setMacFilterRules - Command Injection author: pussycat0x severity: critical description: |...

9.8CVSS7AI score0.06172EPSS
Exploits1References1
Nuclei
Nuclei
added 9 hours ago24 views

SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. id: CVE-2020-5766 info: name: SRS Simple Hits Counter 1.0.3-1.0.4...

7.5CVSS7AI score0.06052EPSS
Exploits3References2
Nuclei
Nuclei
added 9 hours ago35 views

FortiWLM - Directory Traversal

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. id: CVE-2023-34990 info: name: FortiWLM - Directory Traversal author: DhiyaneshDk severity: critical...

9.8CVSS7.2AI score0.24901EPSS
Exploits0References1
Nuclei
Nuclei
added 9 hours ago47 views

Apache Spark UI - Cross-Site Scripting

Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint. id: CVE-2018-8024 info: name: Apache Spark UI - Cross-Site Scripting author: ritikchaddha severity: medium description: | Apache Spark UI before 2.3.2 is vulnerable to XSS via...

5.4CVSS6.2AI score0.05251EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago31 views

Mlflow < 2.17.0 - Local File Inclusion

Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2024-8859...

7.5CVSS7AI score0.02484EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago50 views

OneDev.io < 11.0.9 - Arbitrary File Read

Files on the host computer can be accessed by directory traversal. id: CVE-2024-45309 info: name: OneDev.io 11.0.9 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed by directory traversal. impact: | An attacker would be able to view the...

8.7CVSS7AI score0.24822EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago44 views

Give WP Plugin < 3.19.0 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...

4.8CVSS7AI score0.00794EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago38 views

KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection

The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS7AI score0.13515EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago87 views

Hurrakify <= 2.4 - Server-Side Request Forgery

The Hurrakify plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify...

7.2CVSS7AI score0.01461EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago45 views

Korenix JetPort 5601v3 - Path Traversal

The pathname of the root directory to a Restricted Directory 'Path Traversal' vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601- through 1.2. id: CVE-2024-11303 info: name: Korenix JetPort 5601v3 - Path Traversal author: geeknik severity: high description...

8.7CVSS7AI score0.0181EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago88 views

Tiki Wiki CMS GroupWare - Authentication Bypass

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. id: CVE-2020-15906 info: name: Tiki Wiki CMS GroupWare - Authentication Bypass author: JeonSungHyunnukunga,gy741,oIfloraIo,nechyo,harksu severity: critical description: | tiki-login.php in...

9.8CVSS7AI score0.27362EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago25 views

MasterSAM Star Gate v11 - Local File Inclusion

MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information...

6.5CVSS7.1AI score0.03012EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago69 views

GeoServer and GeoTools - Remote Code Execution

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.2AI score0.99813EPSS
Exploits25References3
Nuclei
Nuclei
added 9 hours ago45 views

Shield Security Plugin < 20.0.6 - Cross-Site Scripting

The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'navsub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other...

6.1CVSS6.3AI score0.01444EPSS
Exploits3References3
Nuclei
Nuclei
added 9 hours ago73 views

WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure

The WordPress Download Manager plugin before version 3.3.07 does not prevent directory listing on web servers that don't use htaccess, allowing unauthorized access to files stored in the download-manager-files directory. id: CVE-2024-13126 info: name: WordPress Download Manager 3.3.07 -...

4.6CVSS6.1AI score0.00449EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago98 views

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3CVSS7AI score0.00879EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago123 views

Proxmox - CRLF Injection

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1CVSS7AI score0.0138EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago19 views

System Dashboard < 2.8.10 - Cross-Site Scripting

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks through header injection, specifically in the X-Forwarded-For header. id: CVE-2023-7246...

5.4CVSS6.1AI score0.00813EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago95 views

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. id: CVE-2025-31131 info: name: Yeswiki 4.5.2 - Unauthenticated Path Traversal author: iamnoooob,rootxharsh,pdresearch severity: high...

8.6CVSS7.1AI score0.05366EPSS
Exploits6References3
Nuclei
Nuclei
added 9 hours ago45 views

iTop - User Enumeration via REST Endpoint

From the webservices/rest.php file, several operations are accessible from an unauthenticated user. One of them is doresetpwd, allowing to reset a user password. This feature can be abused to perform user enumeration when a non-existent user is provided. id: CVE-2024-51739 info: name: iTop - User...

7.5CVSS7AI score0.01259EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago34 views

Flarum < 1.8.5 - Open Redirect

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

6.5CVSS6.4AI score0.01067EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago58 views

WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS7AI score0.02886EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago17 views

WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting

The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'order' parameter in the import page before outputting it back, which could allow attackers to execute arbitrary JavaScript cod...

7.1CVSS7.2AI score0.00649EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago43 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS6.1AI score0.00823EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago13 views

WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting

The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an...

6.1CVSS7AI score0.00709EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago89 views

WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting

The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary...

6.1CVSS7.2AI score0.00594EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago37 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

6.8CVSS6.4AI score0.0379EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago29 views

Cockpit < 2.4.1 - Arbitrary File Upload

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extensions to bypass the upload filter. id: CVE-2025-1025 info: name: Cockpit 2.4.1 - Arbitrary File Upload author: iamnoooob,rootxharsh,pdresearch severity: high...

8.7CVSS7AI score0.18583EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago19 views

ipTIME A2004 - Unauthorized Access

An access control issue exists in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 that allows attackers to obtain sensitive information without authentication. The vulnerability allows unauthenticated access to device settings and configuration information. id: CVE-2024-54764 info:...

6.5CVSS6AI score0.01024EPSS
Exploits0References2
Total number of security vulnerabilities4145