4145 matches found
GLPI < 10.0.17 - Pre-Auth SQL Injection
A pre-authentication SQL injection vulnerability exists in the Inventory feature of GLPI. The vulnerability is caused by insufficient sanitization of user input in the handleAgent function when processing XML requests. The issue occurs because SimpleXMLElement objects can bypass the...
WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...
Drupal 11.x-dev - Full Path Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...
Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...
WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24150 info: name: WordPress Like Button Rating 2.6.32 - Server-Side Request Forgery...
vBulletin 5.0.0-6.0.3 - Authentication Bypass
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 contain an authentication bypass caused by unauthenticated access to protected API controllers on PHP 8.1 or later, letting unauthenticated attackers invoke protected methods remotely.Starting from PHP 8.1, due to an internal adjustment to...
Piwigo - Cross-Site Scripting
Piwigo is vulnerable to a reflected XSS in the admin panel where the pluginid parameter is not properly sanitized. id: CVE-2023-44393 info: name: Piwigo - Cross-Site Scripting author: ritikchaddha severity: medium description: | Piwigo is vulnerable to a reflected XSS in the admin panel where the...
Jeecg Boot <= 2.4.5 - Information Disclosure
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. id: CVE-2021-37304 info: name: Jeecg Boot = 2.4.5 - Information Disclosure author: ritikchaddha severity: high...
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors. id: CVE-2020-8615 info: name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Reque...
Eclipse Mojarra - Local File Read
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. id: CVE-2020-6950 info: name: Eclipse Mojarra - Local File Read author: iamnoooob,pdresearch severity: medium description: | Directory traversal in Eclipse Mojarra...
Registrations for the Events Calendar < 2.7.6 - SQL Injection
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. id:...
Bonita BPM Portal <6.5.3 - Local File Inclusion
Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal 6.5.3 - Local File Inclusion author: 0xAkoko severity:...
Liferay Portal - Cross-site Scripting
A Cross-site scripting XSS vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. id:...
WordPress DB Backup <=4.5 - Local File Inclusion
WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. id:...
Apache Tomcat - Cross-Site Scripting
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
SiYuan <= 3.6.5 - Unauthenticated Path Traversal
SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...
CData Sync < 23.4.8843 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...
Sonatype Nexus Repository Manager 3 - Local File Inclusion
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...
WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure
WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. id: CVE-2022-44356 info: name: WAVLINK Quantum D4G WL-WN531G3 - Information Disclosur...
Joomla! Component com_bfsurvey - Local File Inclusion
A directory traversal vulnerability in the BF Survey combfsurvey component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2259 info: name: Joomla! Component combfsurvey - Local File Inclusion...
AccessAlly <3.5.7 - Sensitive Information Leakage
WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" which is responsible for the accessallyorderform shortcode dumps serialize$SERVER, which contains all environment variables. The leakage occurs on all...
mooDating 1.2 - Cross-site scripting
A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is...
Frigate < 0.13.0 Beta 3 - Cross-Site Scripting
Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...
WordPress Post Grid <2.1.8 - Cross-Site Scripting
WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, id: CVE-2021-24488 info: name: WordPress Post Grid 2.1.8 - Cross-Sit...
Hurrakify <= 2.4 - Server-Side Request Forgery
The Hurrakify plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify...
Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...
Spring Security OAuth2 Remote Command Execution
Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote comma...
WAVLINK WN579X3 - Remote Command Execution
Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. id: CVE-2023-3380 info: name: WAVLINK WN579X3 - Remote Command Execution author: pussycat0x severity: critical description: | Remote Command Execution vulnerability in WAVLINK WN579X3 route...
Simple File List < 6.1.13 - Reflected Cross-Site Scripting
Simple File List WordPress plugin \u003C 6.1.13 contains a reflected cross-site scripting caused by unsanitized URL output in an attribute, letting attackers execute malicious scripts in admin browsers, exploit requires victim to be an admin. id: CVE-2024-10146 info: name: Simple File List 6.1.13...
Vite Dev Server - Path Traversal in Optimized Deps .map Handling
Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter. id: CVE-2012-4982 info: name: Forescout CounterACT 6.3.4.1 - Open Redirect...
WordPress RobotCPA 5 - Directory Traversal
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...
SolarWinds Serv-U 15.3 - Directory Traversal
SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...
nitely/spirit 0.12.3 - Open Redirect
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. id: CVE-2022-0869 info: name: nitely/spirit 0.12.3 - Open Redirect author: ctflearner severity: medium description: | Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. impact: | An attacker can...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. id: CVE-2021-27315 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind...
Blog2Social < 7.2.1 - Cross-Site Scripting
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2023-3936 info: name: Blog2Social 7.2.1 - Cross-Site...
Pandora Fms < 3.1.1 - Directory Traversal
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via 1 the page parameter to ajax.php or 2 the id parameter to general/pandorahelp.php, and allow remote attackers to include and execute, create, modify, or...
MapTiler Tileserver-php v2.0 - Unauthenticated File Read
MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in renderTile function, letting attackers read arbitrary files on the server, exploit requires crafted web requests id: CVE-2025-44137 info: name: MapTiler Tileserver-php v2.0 -...
ClinicCases 7.3.3 Cross-Site Scripting
ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...
Import Legacy Media <= 0.1 - Cross-Site Scripting
A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...
bloofoxCMS v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. id: CVE-2023-34751 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...
Seagate NAS OS 4.3.15.1 - Server Information Disclosure
Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.getinfos. id: CVE-2018-12296 info: name: Seagate NAS OS 4.3.15.1 - Server Information...
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
WordPress Candidate Application Form = 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form = 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...
phpMyFAQ < 3.1.8 - Cross-Site Scripting
phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search functionality. The application fails to properly sanitize user input in the search parameter, allowing attackers to inject and execute malicious JavaScript code in the context of other users'...
Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...
TYPO3 ceselector Extension - Insecure Deserialization
TYPO3 extension contains a PHP Object Injection caused by passing attacker-controlled cookie to unserialize without validation, letting remote unauthenticated attackers achieve remote code execution, exploit requires Persistent Mode: Static configuration. id: CVE-2026-46725 info: name: TYPO3...
GitLab CE/EE - Remote Code Execution
GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modi...