LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

Grandstream UCM6200 - SQL Injection

Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...

phpMyAdmin < 5.0.3 - SQL Injection

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 contains a SQL injection caused by improper processing of SQL statements in the search feature, letting attackers inject malicious SQL, exploit requires crafted search input. id: CVE-2020-26935 info: name: phpMyAdmin 5.0.3 - SQL Injection author: 0xAko...

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

IdeaCMS <= 1.7 - SQL Injection

IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability. id: CVE-2025-5569 info: name: IdeaCMS = 1.7 - SQL Injection author: ritikchaddha severity: critical...

WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials

WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wccautoscaling.py file. An attacker can use this account to access system configuration and...

PrestaShop AdvancedPopupCreator - SQL Injection

In the module “Advanced Popup Creator” advancedpopupcreator from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-27032 info: name: PrestaShop AdvancedPopupCreator - SQL Injection author: MaStErChO severity: critical description: | In the module...

JumpServer - Open Redirect via Referer Header

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. id:...

Nacos <1.4.1 - Authentication Bypass

This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...

SAP Solution Manager - Open Redirect

SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-26836 info: name: SAP Solution Manager - Open...

MetInfo 7.0.0 beta - SQL Injection

MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter a different issue than CVE-2019-16997. id: CVE-2019-17418 info: name: MetInfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description: | MetInfo...

WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read

WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33901 info:...

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery

The Ray Dashboard API is affected by a Server-Side Request Forgery SSRF vulnerability in the url parameter of the /logproxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid. id: CVE-2023-48023 info:...

DedeCMS v5.7.111 - Cross-Site Scripting

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php. id: CVE-2023-49494 info: name: DedeCMS v5.7.111 - Cross-Site Scripting author: ritikchaddha severity: medium description: | DedeCMS v5.7.111 was discover...

WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting

WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration. id: CVE-2021-24214...

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

Next.js - Server Side Request Forgery (SSRF)

Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF. id: CVE-2024-34351 info: name: Next.js - Server Side Request Forgery SSRF author: righettod severity: high description: | Next.Js, inferior to version 14.1.1, have its image optimization built-in...

Apache Struts 2.0.0-2.5.25 - Remote Code Execution

Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. id: CVE-2020-17530 info: name: Apache Struts 2.0.0-2.5.25 - Remote Code Execution author: pikpikcu severity: critical...

Apache Struts - Multiple Open Redirection Vulnerabilities

Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. id: CVE-2013-2248 info: name: Apache Struts - Multiple Open Redirection Vulnerabilities author: 0xAkoko severity: medium description: Apache Struts is prone ...

Gogs (Go Git Service) 0.11.66 - Remote Code Execution

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. id: CVE-2018-18925 info: name: Go...

Argo CD Unauthenticated Access to sensitive setting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...

Give WP Plugin < 3.19.0 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...

IND780 - Local File Inclusion

IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 SS Label 'IND7808.0.07', Version 7.2.10 June 18, 2012 SS Label 'IND7807.2.10' is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the...

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

WordPress IWS Geo Form Fields <=1.0 - SQL Injection

WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data,...

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

Dozzle - Server Side Request Forgery

Dozzle prior to 10.5.2 contains a server-side request forgery caused by unauthenticated access to POST /api/notifications/test-webhook forwarding attacker-controlled URLs, letting remote attackers send arbitrary HTTP POST requests and receive response data, exploit requires no authentication. id:...

Elber ESE DVB-S/S2 - Authentication Bypass

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. id: CVE-2025-0674 info: name:...

VertaAI ModelDB - Path Traversal

The endpoint "/api/v1/artifact/getArtifact?artifactpath=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifactpath parameter. id: CVE-2023-6023 info: name: VertaAI ModelDB - Path Traversal author:...

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

WordPress JSmol2WP <=1.07 - Cross-Site Scripting

WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...

Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting

The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. id: CVE-2014-4561 info: name: Ultimate Weather Plugin = 1.0 - Cross-Site Scripting author: daffainfo severity: medium description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site...

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. id:...

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...

Cellinx NVT Web Server - Local File Disclosure

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. id: CVE-2023-23063 info: name: Cellinx NVT Web Server - Local File Disclosure author: daffainfo severity: high description: | Cellinx NVT v1.0.6.002b was discover...

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-30194 info:...

cPanel < 11.109.9999.116 - Cross-Site Scripting

An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. id: CVE-2023-29489 info: name: cPanel 11.109.9999.116 - Cross-Site Scripting author: DhiyaneshDk,0xKayala severity: medium description: | An issue was...

Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor

Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint "https://192.168.1.2/aboutstate", enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password. id: CVE-2021-40859 info: name: Auerswald COMpact 5500R 7.8A a...

YARPP <= 5.30.10 - Missing Authorization

The YARPP Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in the /includes/yarppprosetdisplaytypes.php file in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to set displ...

OpenProject < 12.5.4 - Project Identifiers Exposure

OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...

PrestaShop 'possearchproducts' <= 1.7 - SQL Injection

In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' = 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...

WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery

The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...

REST API TO MiniProgram <= 4.7.1 - SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

LyLme-Spage - Arbitary File Upload

An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk severity: high description: | An arbitrary...

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

Ollama - Remote Code Execution

Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. id: CVE-2024-37032 info: name: Ollama ...