4145 matches found
SonLogger - Arbitrary File Upload
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. id: CVE-2021-27964 info:...
Prometheus - Open Redirect
Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...
PrestaShop 1.7.7.0 - SQL Injection
PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade idproducts parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
Cisco Small Business RV Series - OS Command Injection
Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or...
WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action, available to both unauthenticated and authenticated users. id: CVE-2021-2429...
ZTE MF971R - Referer authentication bypass
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. id: CVE-2021-21745 info: name: ZTE MF971R - Referer authentication bypass...
SonicWall SonicOS 7.0 - Open Redirect
SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...
Cartadis Gespage 8.2.1 - Directory Traversal
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. id: CVE-2021-33807 info: name: Cartadis Gespage 8.2.1 - Directory Traversal author: daffainfo severity: high description: Cartadis Gespage through 8.2.1 allows Directory Traversa...
HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information. id: CVE-2021-45043 info: name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion...
Eclipse Jetty ConcatServlet - Information Disclosure
Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...
Geoserver - Server-Side Request Forgery
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...
Contest Gallery < 13.1.0.6 - SQL injection
The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users...
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/mynotifications NEWUINAV parameter. id: CVE-2021-36450 info: name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting author: atomiczsec severity: medium description: Verint...
WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault,...
Apache OFBiz < 17.12.07 - Arbitrary Code Execution
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack id: CVE-2021-29200 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: your3cho severity: critical description: | Apache OFBiz has unsafe deserialization prior to...
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI for authentication bypass to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. id: CVE-2021-23241 info: name: MERCUSYS Mercury X18G 1.0.5 Route...
WordPress WPS Hide Login <1.9.1 - Information Disclosure
WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. id:...
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...
Sercomm VD625 Smart Modems - CRLF Injection
Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...
WordPress Admin Word Count Column 2.2 - Local File Inclusion
The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...
VMware vRealize Log Insight < v8.10.2 - Information Disclosure
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. id: CVE-2022-31711 info: name: VMware vRealize Log Insight v8.10.2 - Information Disclosure author: DhiyaneshD...
Pascom CPS Server-Side Request Forgery
Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...
D-Link DIR-605 - Information Disclosure
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version - 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page id: CVE-2021-40655 info: name: D-Link DIR-605 - Information Disclosure author: DhiyaneshDK severity: high...
WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash. id: CVE-2021-24891 info: name: WordPress Elementor Website Builder 3.1.4 - Cross-Site Scripting author:...
Ivanti EPM Cloud Services Appliance Code Injection
Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...
Wordpress Polls Widget < 1.5.3 - SQL Injection
The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks id: CVE-2021-24442 inf...
GitLab GraphQL API User Enumeration
An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses. id: CVE-2021-4191 info: name: GitLab GraphQL API User Enumeration author: zsusac severity: medium description: An unauthenticated remote attacker can leverage thi...
CentOS Web Panel - SQL Injection
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...
Reprise License Manager 14.2 - Authentication Bypass
Reprise License Manager RLM 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. id: CVE-2021-44152 info: name: Reprise License Manager 14.2 - Authentication Bypass author: Akincibor severity: critical description: |...
WordPress Statistics <13.0.8 - Blind SQL Injection
WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. id: CVE-2021-24340 info: name: WordPress Statistics 13.0.8 - Blind SQL Injection author: lotusdll,j4vaovo severity: high description: WordPress Statistic...
MailEnable Mail Service < v10 - Cross-Site Scripting
Cross Site Scripting XSS vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component. id: CVE-2025-44148 info: name: MailEnable Mail Service v10 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site...
OpenSymphony XWork/Apache Struts2 - Remote Code Execution
Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression when altSyntax is enabled, which allows remote attackers to cause a denial of service infini...
PyTorch TorchServe SSRF
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
GitLab 16.0.0 - Path Traversal
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups id: CVE-2023-2825 info: name:...
ManageEngine OpManager - Directory Traversal
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...
SolarView Compact <= 6.00 - Local File Inclusion
There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php id: CVE-2023-29919 info: name: SolarView Compact = 6.00 - Local File Inclusion author: For3stCo1d severity: critical description: | There is ...
LG Simple Editor <= v3.21.0 - Command Injection
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
qdPM 9.2 - Directory Traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...
Discourse Backup File Disclosure Via Default Nginx Configuration
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
DataEase <= 2.4.1 - Sensitive Information Exposure
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...
ZimaOS <= v1.2.4 - Sensitive Information Disclosure
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...
DevDojo Voyager <=1.8.0 - Cross-Site Scripting
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. id: CVE-2024-55416 info: name: DevDojo Voyager =1.8.0 - Cross-Site Scripting author:...
Weaver E-Office 9.5 - Remote Code Execution
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. id: CVE-2024-55417 info: name: DevDojo Voyage...
Journyx - XML External Entities Injection (XXE)
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...
ArForms < 6.6 - Remote Code Execution
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...
NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. id: CVE-2024-46506 info: name:...
WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...