Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
•added 2 days ago•45 views

Aruba Instant Access Point (IAP) - Cross-Site Scripting

A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

6.1CVSS6.7AI score0.16372EPSS
Exploits3References2
Nuclei
Nuclei
•added 2 days ago•74 views

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the devicegraphpage.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution. id: CVE-2021-21801 info: name: Advantech R-SeeNet - Cross-Site Scripting author: gy74...

9.6CVSS6.9AI score0.63415EPSS
Exploits1References4
Nuclei
Nuclei
•added 2 days ago•70 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1CVSS6.4AI score0.03241EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•70 views

elFinder <=2.1.60 - Local File Inclusion

elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. id: CVE-2022-26960 info: name: elFind...

9.1CVSS7.1AI score0.50993EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•82 views

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...

7.5CVSS7AI score0.38083EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•16 views

wpDiscuz <= 5.3.5 - SQL Injection

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. id: CVE-2020-13640 info: name: wpDiscuz = 5.3.5 - SQL Injection author: Sourabh-Sahu severity:...

9.8CVSS7.3AI score0.12706EPSS
Exploits1References2
Nuclei
Nuclei
•added 2 days ago•108 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7AI score0.21EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•85 views

Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)

Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter requesturi. This allows an attacker to execute a server-side request forgery SSRF attack. id: CVE-2020-10770 info: name: Keycloak = 12.0.1 - requesturi Blind Server-Side Request...

5.3CVSS6.5AI score0.69724EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•72 views

GateOne 1.1 - Local File Inclusion

GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used. id: CVE-2020-35736 info: name: GateOne 1.1 - Local File Inclusion author: pikpikcu severity: high description: GateOne 1.1 allows arbitrary file...

7.5CVSS7AI score0.15402EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•82 views

JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure

JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.18645EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•201 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server Oracle Fusion Middleware component: WLS Core Components is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated...

9.8CVSS7.5AI score0.93168EPSS
Exploits18References5
Nuclei
Nuclei
•added 2 days ago•49 views

Agentejo Cockpit <0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller. id: CVE-2020-35847 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critical description: | Agentejo Cockpit before 0.11.2 allows NoS...

9.8CVSS7AI score0.98294EPSS
Exploits8References5
Nuclei
Nuclei
•added 2 days ago•71 views

WordPress Time Capsule < 1.21.16 - Authentication Bypass

WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWPJSONPREFIX causes the client to be logged in as the first account on the list of administrator accounts. id: CVE-2020-8771 info: name: WordPress Time Capsule 1.21.16 - Authentication...

9.8CVSS7AI score0.46454EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•144 views

VMware vSphere - Server-Side Request Forgery

VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...

5.3CVSS6.8AI score0.88012EPSS
Exploits8References5
Nuclei
Nuclei
•added 2 days ago•20 views

LG Supersign EZ CMS - Remote Code Execution

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail. id: CVE-2018-17173 info: name: LG Supersign EZ CMS - Remote Code Execution author: pussycat0x severity: critical description: | LG SuperSign CMS allows remote attackers...

9.8CVSS7.4AI score0.56237EPSS
Exploits9References4
Nuclei
Nuclei
•added 2 days ago•53 views

Rubedo CMS <=3.4.0 - Directory Traversal

Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. id: CVE-2018-16836 info: name:...

9.8CVSS7.2AI score0.61437EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•103 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•73 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

5.3CVSS6.5AI score0.17118EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•41 views

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

9.8CVSS7.4AI score0.75556EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•36 views

Tyto Sahi pro 7.x/8.x - Local File Inclusion

Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. id: CVE-2018-20470 info: name: Tyto Sahi pro 7.x/8.x - Local File Inclusion author: daffainfo...

7.5CVSS7AI score0.45055EPSS
Exploits6References4
Nuclei
Nuclei
•added 2 days ago•68 views

Django - Open Redirect

Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPENDSLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a...

6.1CVSS6.6AI score0.2549EPSS
Exploits0References6
Nuclei
Nuclei
•added 2 days ago•138 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7AI score0.58373EPSS
Exploits6References4
Nuclei
Nuclei
•added 2 days ago•21 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References2
Nuclei
Nuclei
•added 2 days ago•107 views

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

10CVSS7.4AI score0.96682EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•30 views

Joomla! Component iF surfALERT 1.2 - Local File Inclusion

A directory traversal vulnerability in the iF surfALERT comifsurfalert component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1717 info: name: Joomla! Component i...

7.5CVSS6.2AI score0.22285EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•43 views

Joomla! Component com_abbrev - Local File Inclusion

A directory traversal vulnerability in the Abbreviations Manager comabbrev component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0985 info: name: Joomla! Component comabbrev - Local Fi...

7.5CVSS6.3AI score0.13445EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•51 views

Joomla! Component Web TV 1.0 - Local File Inclusion

A directory traversal vulnerability in the Web TV comwebtv component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1470 info: name: Joomla! Component Web TV 1.0 -...

7.5CVSS6.2AI score0.13351EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•25 views

Joomla! Component WMI 1.5.0 - Local File Inclusion

A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface aka WMI or comwmi component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1607 info: name: Joomla!...

6.8CVSS6.3AI score0.08177EPSS
Exploits1References4
Nuclei
Nuclei
•added 2 days ago•66 views

Joomla! Component Graphics 1.0.6 - Local File Inclusion

A directory traversal vulnerability in graphics.php in the Graphics comgraphics component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1653 info: name: Joomla! Component...

7.5CVSS6.3AI score0.13373EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•66 views

pfSense pfBlockerNG - OS Command Injection

pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. id: CVE-2022-40624 info: name: pfSense pfBlockerNG - OS Command Injection author: ritikchaddha severity: critical description: | pfSense pfBlockerNG through 2.1.427 allow...

9.8CVSS7.3AI score0.17107EPSS
Exploits1References2
Nuclei
Nuclei
•added 2 days ago•67 views

iSpy 7.2.2.0 - Authentication Bypass

iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-29775 info: name: iSpy 7.2.2.0 - Authentication Bypass author: arafatansari severity: critical...

9.8CVSS7.1AI score0.60667EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•151 views

WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload

WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...

9.8CVSS7.2AI score0.23487EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•88 views

Smart Office Web 20.28 - Information Disclosure

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. id: CVE-2022-47075 info: name: Smart Office Web 20.28 - Information Disclosure author:...

7.5CVSS7AI score0.59407EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•108 views

Atom CMS v2.0 - SQL Injection

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. id: CVE-2022-24223 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php...

9.8CVSS7.1AI score0.61965EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•77 views

KubeView <=0.1.31 - Information Disclosure

KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possib...

9.8CVSS7.1AI score0.51696EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•84 views

TerraMaster TOS <.1.29 - Remote Code Execution

TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. id:...

10CVSS7AI score0.28495EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•72 views

WordPress Canto 1.3.0 - Blind Server-Side Request Forgery

WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...

5.3CVSS6.3AI score0.27771EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•91 views

Spring Cloud Config - Local File Inclusion

Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. id: CVE-2020-5405 info: name: Spring...

6.5CVSS6.9AI score0.6876EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•57 views

Citrix ADC/Gateway - Cross-Site Scripting

Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2020-8191 info: name: Citrix...

6.1CVSS6.6AI score0.22941EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•131 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

5.3CVSS6.6AI score0.61736EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•119 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•65 views

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

7.5CVSS7.1AI score0.50038EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•29 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS7.3AI score0.18671EPSS
Exploits0References3
Nuclei
Nuclei
•added 2 days ago•74 views

Apache Tomcat Remote Command Execution

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...

7CVSS7.1AI score0.56636EPSS
Exploits16References5
Nuclei
Nuclei
•added 2 days ago•55 views

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

9.8CVSS7.1AI score0.68398EPSS
Exploits9References5
Nuclei
Nuclei
•added 2 days ago•59 views

Apache Kylin - Exposed Configuration File

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without...

5.3CVSS6.2AI score0.78331EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•28 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS7.3AI score0.16017EPSS
Exploits2References3
Nuclei
Nuclei
•added 2 days ago•66 views

Citrix XenMobile Server - Local File Inclusion

Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6, and Citrix XenMobile Server before 10.9 RP5 are susceptible to local file inclusion vulnerabilities. reference: -...

7.5CVSS7.1AI score0.48656EPSS
Exploits3References3
Nuclei
Nuclei
•added 2 days ago•62 views

WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection XXE. XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit...

9.1CVSS7AI score0.26939EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•83 views

rConfig <3.9.4 - Sensitive Information Disclosure

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...

7.5CVSS7AI score0.16671EPSS
Exploits1References5
Total number of security vulnerabilities4145