Lucene search
K
NucleiRecent

4143 matches found

Nuclei
Nuclei
•added yesterday•8 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References4
Nuclei
Nuclei
•added yesterday•15 views

Vendure Core - SQL Injection

Vendure, an open-source headless commerce platform built on Node.js/TypeScript, contains a critical SQL injection vulnerability in its Shop API. The languageCode query parameter is interpolated directly into a raw SQL CASE expression in ProductService.findOneBySlug without parameterization or inp...

9.1CVSS6.4AI score0.01762EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•17 views

phpMyFAQ <= 4.1.1 - SQL Injection

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS6.1AI score0.01709EPSS
Exploits0References3
Nuclei
Nuclei
•added yesterday•20 views

WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version = 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint.This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro = 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

9.8CVSS7.2AI score0.14775EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•79 views

WordPress Pie-Register <2.0.19 - Cross-Site Scripting

WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...

4.3CVSS6.2AI score0.04405EPSS
Exploits3References5
Nuclei
Nuclei
•added yesterday•43 views

NewStatPress <0.9.9 - Cross-Site Scripting

WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nspsearch.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php. id: CVE-2015-4063 info: nam...

3.5CVSS6.2AI score0.06188EPSS
Exploits6References5
Nuclei
Nuclei
•added yesterday•33 views

Novius OS 5.0.1-elche - Open Redirect

Novius OS 5.0.1 Elche allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. id: CVE-2015-5354 info: name: Novius OS 5.0.1-elche - Open Redirect author: 0xAkoko severity: medium description: Novius OS...

5.8CVSS6.2AI score0.12523EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•17 views

Xdebug <= 2.5.5 - Command Injection

Xdebug = 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands, exploit requires remote debugging enabled. id: CVE-2015-101...

9.3CVSS6.3AI score0.0503EPSS
Exploits1References6
Nuclei
Nuclei
•added yesterday•50 views

ManageEngine Firewall Analyzer <8.0 - Local File Inclusion

ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. id: CVE-2015-7780 info: name: ManageEngine Firewall Analyzer 8.0 - Local File Inclusion author: daffainfo severity: medium description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion...

6.5CVSS6.7AI score0.10631EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•13 views

ZimaOS - Authentication Bypass

ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...

9.8CVSS6.1AI score0.02169EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•91 views

Vite Dev Server - Path Traversal in Optimized Deps .map Handling

Vite development server versions prior to 8.0.5, 7.3.2, and 6.4.2 are vulnerable to path traversal through the optimized dependencies sourcemap handler. The dev server's handling of .map requests for optimized dependencies resolves file paths via normalizePathpath.resolveroot, url.slice1 and call...

6.3CVSS6.1AI score0.00914EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•19 views

SiYuan <= v3.6.1 - Path Traversal

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS6.8AI score0.03256EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•17 views

WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload

WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...

9.8CVSS6.3AI score0.04458EPSS
Exploits1References1
Nuclei
Nuclei
•added yesterday•29 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS6.2AI score0.26409EPSS
Exploits2References3
Nuclei
Nuclei
•added yesterday•55 views

Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution

Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...

8.1CVSS6.3AI score0.04175EPSS
Exploits3References2
Nuclei
Nuclei
•added yesterday•26 views

Geo Mashup <= 1.13.17 - SQL Injection

Geo Mashup WordPress plugin = 1.13.17 contains a SQL injection caused by insufficient escaping of the 'sort' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-2416 info: name: Geo Mashup = 1.13.17 - SQL Injection author: Shivam Kamboj...

7.5CVSS6.1AI score0.01392EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•24 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
Nuclei
Nuclei
•added yesterday•22 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS6.1AI score0.02095EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•29 views

LiteLLM - SQL Injection

LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...

9.8CVSS6.2AI score0.86607EPSS
Exploits7References3
Nuclei
Nuclei
•added yesterday•6 views

Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure

Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...

6.9CVSS6.1AI score0.01553EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•32 views

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...

9.1CVSS6.1AI score0.01351EPSS
Exploits0References1
Nuclei
Nuclei
•added yesterday•7 views

LeadConnector < 3.0.22 - Unauthenticated Arbitrary Data Write

LeadConnector WordPress plugin 3.0.22 contains a broken access control caused by missing authorization in a REST route, letting unauthenticated attackers overwrite existing data remotely, exploit requires no authentication. id: CVE-2026-1890 info: name: LeadConnector 3.0.22 - Unauthenticated...

5.3CVSS6.1AI score0.00645EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•7 views

vLLM <= 0.23.0 - Anthropic Router Heap Address Information Leak

vLLM = 0.23.0 incompletely fixes CVE-2026-22778. The original fix added sanitizemessage to the OpenAI router but the Anthropic-compatible router /v1/messages echoes strexc directly. id: CVE-2026-54236 info: name: vLLM = 0.23.0 - Anthropic Router Heap Address Information Leak author: kenlacroix...

9.8CVSS6.7AI score0.03816EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•31 views

SiYuan <= v3.6.1 - Bookmark Data Disclosure

SiYuan v3.6.2 contains an information disclosure vulnerability caused by improper authorization checks in the publish service's bookmark filtering, letting unauthenticated visitors access bookmarked blocks from password-protected documents, exploit requires access to the publish service. id:...

7.5CVSS6.1AI score0.01227EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•23 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.1AI score0.00713EPSS
Exploits1
Nuclei
Nuclei
•added yesterday•12 views

WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection

Newsletters WordPress plugin = 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters = 4.13 - Unauthenticated SQL...

7.5CVSS6.1AI score0.01382EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•64 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2CVSS6.1AI score0.01833EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•16 views

MindsDB - Remote Code Execution

MindsDB 25.9.1.1 contains a remote code execution caused by path traversal in the /api/files upload file module, letting authenticated attackers write arbitrary files and execute commands, exploit requires authentication. id: CVE-2026-27483 info: name: MindsDB - Remote Code Execution author:...

8.8CVSS6.6AI score0.11113EPSS
Exploits4References4
Nuclei
Nuclei
•added yesterday•12 views

MajorDoMo - Cross-Site Scripting

MajorDoMo contains a reflected XSS caused by unsanitized $qry parameter in command.php, letting attackers inject arbitrary JavaScript via crafted URLs, exploit requires victim to visit malicious URL. id: CVE-2026-27176 info: name: MajorDoMo - Cross-Site Scripting author: DhiyaneshDk severity:...

6.1CVSS6.2AI score0.00449EPSS
Exploits1References1
Nuclei
Nuclei
•added yesterday•56 views

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

6.2CVSS6.2AI score0.01025EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•8 views

Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...

6.1CVSS6.1AI score0.0046EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•24 views

NocoDB - User Enumeration

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3. id: CVE-2026-28358 info: name: NocoDB -...

6.9CVSS6AI score0.00601EPSS
Exploits0References3
Nuclei
Nuclei
•added yesterday•10 views

LearnPress < 4.3.7 - Information Disclosure

LearnPress WordPress plugin 4.3.7 contains an information disclosure vulnerability caused by missing capability checks on a REST endpoint, letting unauthenticated visitors retrieve sensitive user role and capability data via crafted requests. id: CVE-2026-8383 info: name: LearnPress 4.3.7 -...

5.3CVSS6.1AI score0.00424EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•14 views

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS6.1AI score0.01383EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•157 views

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

8.6CVSS6.3AI score0.00469EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•14 views

mcp-atlassian < 0.17.0 - Server-Side Request Forgery

MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...

9CVSS6.3AI score0.14958EPSS
Exploits2References4
Nuclei
Nuclei
•added yesterday•24 views

CKAN DataStore SQL Search - SQL Injection

CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...

9.8CVSS6.1AI score0.01815EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•54 views

EspoCRM <= 9.3.3 - Server-Side Request Forgery

EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...

4.3CVSS6.1AI score0.01978EPSS
Exploits5References2
Nuclei
Nuclei
•added yesterday•23 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS6.3AI score0.36503EPSS
Exploits7References3
Nuclei
Nuclei
•added yesterday•13 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

5.3CVSS6.1AI score0.00813EPSS
Exploits0References3
Nuclei
Nuclei
•added yesterday•14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References4
Nuclei
Nuclei
•added yesterday•16 views

dash-uploader 0.1.0 - 0.7.0a2 - Unauthenticated Arbitrary File Write via Path Traversal

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a directory traversal vulnerability caused by improper handling in dashuploader/httprequesthandler.py components, letting remote attackers execute arbitrary code, exploit requires no special privileges. id: CVE-2026-38360 info: name:...

9.8CVSS7.2AI score0.05982EPSS
Exploits4References4
Nuclei
Nuclei
•added yesterday•21 views

Nginx UI - Broken Access Control

Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...

9.8CVSS7.1AI score0.38477EPSS
Exploits4References3
Nuclei
Nuclei
•added yesterday•82 views

Mastodon - Open Redirect

Mastodon version 4.5.8, 4.4.15, 4.3.21 is vulnerable to unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. id: CVE-2026-33868 info: name: Mastodon - Open Redirect author: theamanrawat severity: medium description: |...

6.1CVSS6.1AI score0.00515EPSS
Exploits0References2
Nuclei
Nuclei
•added yesterday•21 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS7AI score0.01461EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•39 views

Nginx UI < 2.3.3 - Information Disclosure

Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...

9.8CVSS6.9AI score0.22162EPSS
Exploits13References3
Nuclei
Nuclei
•added yesterday•18 views

FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...

6.1CVSS6.4AI score0.0077EPSS
Exploits1References1
Nuclei
Nuclei
•added yesterday•42 views

Symfony Profiler - Remote Access via Injected Arguments

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3CVSS7AI score0.63422EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•13 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
Total number of security vulnerabilities4143