Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
added 2 days ago90 views

SonLogger - Arbitrary File Upload

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. id: CVE-2021-27964 info:...

9.8CVSS7AI score0.46021EPSS
Exploits5References2
Nuclei
Nuclei
added 2 days ago48 views

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

6.5CVSS6.5AI score0.1956EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago60 views

PrestaShop 1.7.7.0 - SQL Injection

PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade idproducts parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.20695EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago68 views

Cisco Small Business RV Series - OS Command Injection

Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or...

9.8CVSS6.9AI score0.72472EPSS
Exploits8References5
Nuclei
Nuclei
added 2 days ago61 views

WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting

WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action, available to both unauthenticated and authenticated users. id: CVE-2021-2429...

6.1CVSS6.5AI score0.1445EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago258 views

ZTE MF971R - Referer authentication bypass

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. id: CVE-2021-21745 info: name: ZTE MF971R - Referer authentication bypass...

4.3CVSS6.7AI score0.55709EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago59 views

SonicWall SonicOS 7.0 - Open Redirect

SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...

6.1CVSS6.5AI score0.13041EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago114 views

Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection

Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...

9.9CVSS7AI score0.37064EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago90 views

Cartadis Gespage 8.2.1 - Directory Traversal

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. id: CVE-2021-33807 info: name: Cartadis Gespage 8.2.1 - Directory Traversal author: daffainfo severity: high description: Cartadis Gespage through 8.2.1 allows Directory Traversa...

7.5CVSS7AI score0.16139EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago81 views

HD-Network Realtime Monitoring System 2.0 - Local File Inclusion

Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information. id: CVE-2021-45043 info: name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion...

7.5CVSS7AI score0.33133EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago86 views

Eclipse Jetty ConcatServlet - Information Disclosure

Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...

5.3CVSS6.7AI score0.7848EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago81 views

Elasticsearch 7.10.0-7.13.3 - Information Disclosure

ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...

6.5CVSS7AI score0.76249EPSS
Exploits6References5
Nuclei
Nuclei
added 2 days ago45 views

Geoserver - Server-Side Request Forgery

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...

7.5CVSS7AI score0.18925EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago80 views

Contest Gallery < 13.1.0.6 - SQL injection

The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users...

9.8CVSS7.1AI score0.127EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago88 views

Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting

Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/mynotifications NEWUINAV parameter. id: CVE-2021-36450 info: name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting author: atomiczsec severity: medium description: Verint...

6.1CVSS6.4AI score0.64921EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago57 views

WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting

WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault,...

6.1CVSS6.4AI score0.10769EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago183 views

Apache OFBiz < 17.12.07 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack id: CVE-2021-29200 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: your3cho severity: critical description: | Apache OFBiz has unsafe deserialization prior to...

9.8CVSS7.1AI score0.5537EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago147 views

MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion

MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI for authentication bypass to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. id: CVE-2021-23241 info: name: MERCUSYS Mercury X18G 1.0.5 Route...

5.3CVSS6.6AI score0.13436EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago503 views

WordPress WPS Hide Login <1.9.1 - Information Disclosure

WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. id:...

7.5CVSS7AI score0.71532EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago135 views

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...

9.8CVSS7.1AI score0.728EPSS
Exploits7References5
Nuclei
Nuclei
added 2 days ago120 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

9.8CVSS7AI score0.16062EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago35 views

WordPress Admin Word Count Column 2.2 - Local File Inclusion

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...

9.8CVSS7.1AI score0.21881EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago17 views

VMware vRealize Log Insight < v8.10.2 - Information Disclosure

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. id: CVE-2022-31711 info: name: VMware vRealize Log Insight v8.10.2 - Information Disclosure author: DhiyaneshD...

5.3CVSS6.8AI score0.21657EPSS
Exploits3References2
Nuclei
Nuclei
added 2 days ago71 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS7AI score0.208EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago57 views

D-Link DIR-605 - Information Disclosure

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version - 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page id: CVE-2021-40655 info: name: D-Link DIR-605 - Information Disclosure author: DhiyaneshDK severity: high...

7.5CVSS7.1AI score0.87039EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago88 views

WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting

WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash. id: CVE-2021-24891 info: name: WordPress Elementor Website Builder 3.1.4 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.24006EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago186 views

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

9.8CVSS7.4AI score0.99105EPSS
Exploits9References5
Nuclei
Nuclei
added 2 days ago83 views

Wordpress Polls Widget < 1.5.3 - SQL Injection

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks id: CVE-2021-24442 inf...

9.8CVSS7.1AI score0.46921EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago140 views

GitLab GraphQL API User Enumeration

An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses. id: CVE-2021-4191 info: name: GitLab GraphQL API User Enumeration author: zsusac severity: medium description: An unauthenticated remote attacker can leverage thi...

5.3CVSS6.8AI score0.80004EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago86 views

CentOS Web Panel - SQL Injection

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...

10CVSS7.1AI score0.13029EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago53 views

Reprise License Manager 14.2 - Authentication Bypass

Reprise License Manager RLM 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. id: CVE-2021-44152 info: name: Reprise License Manager 14.2 - Authentication Bypass author: Akincibor severity: critical description: |...

9.8CVSS7AI score0.58555EPSS
Exploits3References5
Nuclei
Nuclei
added 2 days ago149 views

WordPress Statistics <13.0.8 - Blind SQL Injection

WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. id: CVE-2021-24340 info: name: WordPress Statistics 13.0.8 - Blind SQL Injection author: lotusdll,j4vaovo severity: high description: WordPress Statistic...

7.5CVSS7AI score0.29776EPSS
Exploits3References5
Nuclei
Nuclei
added 2 days ago18 views

MailEnable Mail Service < v10 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component. id: CVE-2025-44148 info: name: MailEnable Mail Service v10 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site...

9.8CVSS6.4AI score0.50752EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago74 views

OpenSymphony XWork/Apache Struts2 - Remote Code Execution

Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression when altSyntax is enabled, which allows remote attackers to cause a denial of service infini...

6.8CVSS6.4AI score0.25749EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago46 views

PyTorch TorchServe SSRF

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

10CVSS7AI score0.35256EPSS
Exploits6References3
Nuclei
Nuclei
added 2 days ago121 views

GitLab 16.0.0 - Path Traversal

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups id: CVE-2023-2825 info: name:...

10CVSS7AI score0.71641EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago181 views

ManageEngine OpManager - Directory Traversal

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...

9.1CVSS7.1AI score0.47024EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago131 views

SolarView Compact <= 6.00 - Local File Inclusion

There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php id: CVE-2023-29919 info: name: SolarView Compact = 6.00 - Local File Inclusion author: For3stCo1d severity: critical description: | There is ...

9.8CVSS7.1AI score0.60221EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago31 views

LG Simple Editor <= v3.21.0 - Command Injection

LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

9.8CVSS7.5AI score0.87761EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago190 views

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...

7.5CVSS7AI score0.0333EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago85 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7AI score0.25431EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago102 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS6.1AI score0.16EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago65 views

ZimaOS <= v1.2.4 - Sensitive Information Disclosure

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

7.5CVSS6.1AI score0.20599EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago34 views

DevDojo Voyager <=1.8.0 - Cross-Site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. id: CVE-2024-55416 info: name: DevDojo Voyager =1.8.0 - Cross-Site Scripting author:...

3.5CVSS7.2AI score0.24095EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago254 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.4AI score0.32895EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago76 views

DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. id: CVE-2024-55417 info: name: DevDojo Voyage...

4.3CVSS7.5AI score0.13218EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
Nuclei
Nuclei
added 2 days ago18 views

ArForms < 6.6 - Remote Code Execution

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...

9.8CVSS6.1AI score0.03345EPSS
Exploits2References1
Nuclei
Nuclei
added 2 days ago16 views

NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. id: CVE-2024-46506 info: name:...

10CVSS7AI score0.6293EPSS
Exploits5
Nuclei
Nuclei
added 2 days ago596 views

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF

WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...

9.9CVSS7AI score0.93971EPSS
Exploits18References3
Total number of security vulnerabilities4145