Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
•added yesterday•201 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server Oracle Fusion Middleware component: WLS Core Components is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated...

9.8CVSS7.5AI score0.93168EPSS
Exploits18References5
Nuclei
Nuclei
•added yesterday•101 views

WordPress DZS Zoomsounds <=6.50 - Local File Inclusion

WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...

7.5CVSS7AI score0.66543EPSS
Exploits5References5
Nuclei
Nuclei
•added yesterday•47 views

Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code id: CVE-2023-6065 info: name: Quttera Web Malware Scanner = 3.4.1.48 - Sensitive Data Exposure...

5.3CVSS6.7AI score0.18697EPSS
Exploits2References3
Nuclei
Nuclei
•added yesterday•88 views

Intelbras WIN 300/WRN 342 - Credentials Disclosure

Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...

7.5CVSS7AI score0.63023EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•100 views

Fortinet FortiSandbox - Command Injection

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection caused by improper neutralization of special elements in OS commands, letting attackers execute unauthorized code or commands, exploit requires crafted input. id: CVE-2026-39808 info: name: Fortinet FortiSandbox - Command...

9.8CVSS7.2AI score0.48668EPSS
Exploits6References2
Nuclei
Nuclei
•added yesterday•69 views

Joomla! Component SmartSite 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the SmartSite comsmartsite component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1657 info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author:...

5CVSS6.2AI score0.19192EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•63 views

LDAP Injection In OpenAM

OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration ca...

7.5CVSS7AI score0.76385EPSS
Exploits5References5
Nuclei
Nuclei
•added yesterday•244 views

Responsive FileManager <9.13.4 - Local File Inclusion

Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajaxcalls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion. id: CVE-2018-15535 info: name: Responsive FileManager...

7.5CVSS6.7AI score0.45242EPSS
Exploits5References5
Nuclei
Nuclei
•added yesterday•63 views

DokuWiki - Cross-Site Scripting

DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.9AI score0.03253EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•88 views

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7AI score0.143EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•127 views

Kyocera Printer d-COPIA253MF - Directory Traversal

Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server. id: CVE-2020-23575 info: name: Kyocera Printer d-COPIA253MF - Directory Traversal author: 0xAkoko severity: high...

7.5CVSS6.8AI score0.36765EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•8 views

YesWiki Bazar Widget - Reflected XSS via 'id' Parameter

YesWiki's Bazar widget handler reflects the id GET parameter into HTML attributes using striptags only. striptags does not escape double quotes, allowing an attacker to break out of the data-formid attribute and inject arbitrary event handlers. id: CVE-2026-52774 info: name: YesWiki Bazar Widget ...

6.2AI score0.00039EPSS
Exploits0References2
Nuclei
Nuclei
•added 2 days ago•1498 views

Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

9.9CVSS7.5AI score0.94741EPSS
Exploits29References8
Nuclei
Nuclei
•added 2 days ago•256 views

Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS6.7AI score0.74998EPSS
Exploits28References2
Nuclei
Nuclei
•added 2 days ago•24 views

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

9.8CVSS7.3AI score0.99979EPSS
Exploits41References5
Nuclei
Nuclei
•added 2 days ago•68 views

KubePi JwtSigKey - Admin Authentication Bypass

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8CVSS7AI score0.69667EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•81 views

GL.iNET SSID Key Disclosure

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. id: CVE-2023-31478 info: name: GL.iNET SSID Key Disclosure author: DhiyaneshDK severity: high description: | An issue was discovered on GL.iNet...

7.5CVSS7AI score0.29699EPSS
Exploits1References1
Nuclei
Nuclei
•added 2 days ago•60 views

Citrix Gateway and Citrix ADC - Cross-Site Scripting

Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2023-24488 info: name: Citrix Gateway and Citrix ADC - Cross-Site Scripting author: johnk3r,DhiyaneshD...

6.1CVSS6.6AI score0.80907EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•129 views

Citrix StoreFront - Cross-Site Scripting

Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...

7.2CVSS6.6AI score0.73142EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•75 views

Login with Phone Number - Cross-Site Scripting

Login with Phone Number, versions 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwpforgotpassword' function. id: CVE-2023-23492 info: name: Login with Phone Number - Cross-Site Scripting author: r3Y3r53 severity: high description: | Login wit...

8.8CVSS7AI score0.57123EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•103 views

DrayTek Vigor - Command Injection

DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...

9.8CVSS7.2AI score0.98084EPSS
Exploits1References2
Nuclei
Nuclei
•added 2 days ago•111 views

YARPP <= 5.30.10 - Missing Authorization

The YARPP Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in the /includes/yarppprosetdisplaytypes.php file in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to set displ...

9.8CVSS6.1AI score0.43585EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•132 views

LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

9.8CVSS7AI score0.83178EPSS
Exploits7References5
Nuclei
Nuclei
•added 2 days ago•3307 views

Apache httpd <=2.4.29 - Arbitrary File Upload

Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in , which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of...

8.1CVSS6.7AI score0.86006EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•74 views

Layer5 Meshery 0.5.2 - SQL Injection

Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go. id: CVE-2021-31856 info: name: Layer5 Meshe...

9.8CVSS7.2AI score0.75384EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•90 views

TP-LINK - Local File Inclusion

TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...

7.8CVSS7AI score0.83772EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•76 views

FreeIPA - XML Entity Injection

Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. id: CVE-2022-2414 info: name: FreeIPA - XML Entity Injection...

7.5CVSS7.1AI score0.85323EPSS
Exploits3References3
Nuclei
Nuclei
•added 2 days ago•78 views

Payara Micro Community 5.2021.6 Directory Traversal

Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability. id: CVE-2021-41381 info: name: Payara Micro Community 5.2021.6 Directory Traversal author: pikpikcu severity: high description: Payara Micro Community 5.2021.6 and below contains a directory traversal...

7.5CVSS7AI score0.52926EPSS
Exploits6References5
Nuclei
Nuclei
•added 2 days ago•292 views

Gogs (Go Git Service) 0.11.66 - Remote Code Execution

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. id: CVE-2018-18925 info: name: Go...

9.8CVSS7.4AI score0.31882EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•74 views

Microsoft Exchange Server - Cross-Site Scripting

Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp. id: CVE-2021-31195 info: name: Microsoft Exchange Server - Cross-Site Scripting author: infosecsanyam severity: medium description: Microsoft Exchange Server, or OWA, is...

8.8CVSS6.8AI score0.73676EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•101 views

YeaLink DM 3.6.0.20 - Remote Command Injection

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...

10CVSS7.1AI score0.82516EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•23 views

Eclipse BIRT Viewer - Remote Code Execution

Eclipse BIRT versions 4.8.0 and earlier contain a JSP injection caused by query parameters, letting remote attackers create and access malicious JSP files in the viewer directory, exploit requires sending crafted query parameters. id: CVE-2021-34427 info: name: Eclipse BIRT Viewer - Remote Code...

9.8CVSS7.1AI score0.5771EPSS
Exploits4References3
Nuclei
Nuclei
•added 2 days ago•155 views

Cisco IOS HTTP Configuration - Authentication Bypass

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. id: CVE-2001-0537 info: name: Cisco IOS HTTP Configuration - Authentication Bypass author:...

9.3CVSS6.3AI score0.6845EPSS
Exploits8References5
Nuclei
Nuclei
•added 2 days ago•24 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.1AI score0.8581EPSS
Exploits2References3
Nuclei
Nuclei
•added 2 days ago•99 views

NETGEAR ProSafe SSL VPN firmware - SQL Injection

NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. id: CVE-2022-29383 info: name: NETGEAR ProSafe SSL VPN firmware - SQL Injection author: elitebaz severity: critical description: |...

9.8CVSS6.8AI score0.48957EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•88 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

9CVSS7.2AI score0.71536EPSS
Exploits7References5
Nuclei
Nuclei
•added 2 days ago•143 views

WordPress BulletProof Security 5.1 Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS6.7AI score0.7233EPSS
Exploits7References5
Nuclei
Nuclei
•added 2 days ago•16 views

KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

9.8CVSS7AI score0.53389EPSS
Exploits0References2
Nuclei
Nuclei
•added 2 days ago•57 views

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument starthour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised syste...

9.8CVSS7.1AI score0.79513EPSS
Exploits1References4
Nuclei
Nuclei
•added 2 days ago•14 views

APsystems ECU-R Firmware - Command Injection

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. id: CVE-2022-45699 info: name: APsystems ECU-R Firmware - Command Injection author: pussycat0x severity:...

9.8CVSS7.3AI score0.76604EPSS
Exploits1References1
Nuclei
Nuclei
•added 2 days ago•64 views

Gitea <1.16.5 - Open Redirect

Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-1058 info: name: Gitea 1.16.5 - Open Redire...

7.2CVSS6.7AI score0.53177EPSS
Exploits1References3
Nuclei
Nuclei
•added 2 days ago•17 views

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...

8.6CVSS7AI score0.49051EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•92 views

Telesquare TLR-2855KS6 - Arbitrary File Creation

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...

7.5CVSS7AI score0.23945EPSS
Exploits4References3
Nuclei
Nuclei
•added 2 days ago•27 views

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References2
Nuclei
Nuclei
•added 2 days ago•196 views

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

7.5CVSS7AI score0.51653EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•94 views

AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion

AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion. id: CVE-2022-23854 info: name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion author: For3stCo1d severity: high description: | AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to loc...

7.5CVSS7AI score0.45957EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•497 views

Gogs <0.12.6 - Remote Command Execution

Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id...

9.9CVSS7.2AI score0.65237EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•318 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7AI score0.70589EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•36 views

Apache APISIX Dashboard <2.10.1 - API Unauthorized Access

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin.' While all APIs and authentication middleware are developed based on framework droplet, some API directly use the interface of framework gin thus bypassing...

9.8CVSS7.1AI score0.85943EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•73 views

EVlink City < R8 V3.4.0.1 - Authentication Bypass

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS7AI score0.64612EPSS
Exploits2References3
Total number of security vulnerabilities4145