Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
•added 2 days ago•249 views

Microsoft SharePoint - Authentication Bypass

Microsoft SharePoint Server Elevation of Privilege Vulnerability id: CVE-2023-29357 info: name: Microsoft SharePoint - Authentication Bypass author: pdteam severity: critical description: | Microsoft SharePoint Server Elevation of Privilege Vulnerability impact: | Unauthenticated attackers can...

9.8CVSS7.1AI score0.99649EPSS
Exploits10References5
Nuclei
Nuclei
•added 2 days ago•168 views

Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains. id: CVE-2023-0159 info:...

7.5CVSS7AI score0.55736EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•277 views

Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting

Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response i...

6.1CVSS6.6AI score0.37246EPSS
Exploits3References6
Nuclei
Nuclei
•added 2 days ago•97 views

Jellyfin <10.7.0 - Local File Inclusion

Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk. id: CVE-2021-21402 info: name: Jellyfin 10.7.0 - Local File Inclusion author: dwisiswant0 severity: medium...

7.7CVSS6.6AI score0.79855EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•61 views

Draytek VigorConnect 1.6.0-B - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id:...

7.8CVSS7.1AI score0.74279EPSS
Exploits1References3
Nuclei
Nuclei
•added 2 days ago•75 views

Apache OFBiz <17.12.06 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. id: CVE-2021-26295 info: name: Apache OFBiz 17.12.06 - Arbitrary Code Execution author: madrobot severity: critical description: | Apache OFBiz...

9.8CVSS7.1AI score0.97822EPSS
Exploits9References6
Nuclei
Nuclei
•added 2 days ago•152 views

Apache Struts2 S2-062 - Remote Code Execution

Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 S2-061 was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. id: CVE-2021-31805 info: name...

9.8CVSS7.1AI score0.95922EPSS
Exploits16References5
Nuclei
Nuclei
•added 2 days ago•20 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.6AI score0.83337EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•620 views

Debug Endpoint pprof - Exposure Detection

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...

8.2CVSS6.7AI score0.61139EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•82 views

Pallets Werkzeug <0.15.5 - Local File Inclusion

Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...

7.5CVSS7AI score0.55526EPSS
Exploits7References5
Nuclei
Nuclei
•added 2 days ago•48 views

Jira - Incorrect Authorization

Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access. id: CVE-2019-3403...

5.3CVSS6.5AI score0.52637EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•42 views

D-Link DIR-868L/817LW - Information Disclosure

D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in...

10CVSS6.9AI score0.57298EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•44 views

Apache Solr - Deserialization of Untrusted Data

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. id:...

9.8CVSS7.5AI score0.77508EPSS
Exploits1References2
Nuclei
Nuclei
•added 2 days ago•37 views

Totaljs <3.2.3 - Local File Inclusion

Total.js Platform before 3.2.3 is vulnerable to local file inclusion. id: CVE-2019-8903 info: name: Totaljs 3.2.3 - Local File Inclusion author: madrobot severity: high description: Total.js Platform before 3.2.3 is vulnerable to local file inclusion. impact: | An attacker can exploit this...

7.5CVSS7AI score0.72058EPSS
Exploits2References5
Nuclei
Nuclei
•added 2 days ago•55 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.85295EPSS
Exploits6References5
Nuclei
Nuclei
•added 2 days ago•111 views

Harbor <=1.82.0 - Privilege Escalation

Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. id: CVE-2019-16097...

6.5CVSS6.5AI score0.23284EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•38 views

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktopurl. id: CVE-2019-14974 info: name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting author: madrobot severity: medium description: SugarCRM Enterprise 9.0.0 contains a...

6.1CVSS6.4AI score0.31043EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•17 views

Xfilesharing 2.5.1 - Arbitrary File Upload

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload.This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. id: CVE-2019-18952 info: name: Xfilesharing 2.5.1 - Arbitrary File Upload...

9.8CVSS7.4AI score0.45361EPSS
Exploits6References3
Nuclei
Nuclei
•added 2 days ago•11 views

IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection

IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...

10CVSS7.2AI score0.86441EPSS
Exploits6References3
Nuclei
Nuclei
•added 2 days ago•23 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

9.8CVSS7.7AI score0.83857EPSS
Exploits1References2
Nuclei
Nuclei
•added 2 days ago•15 views

LabKey Server 19.1.0 - XML External Entity (XXE)

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. id: CVE-2019-9757 info: name: LabKey Server 19.1.0 - XML External Entity XXE author: ritikchaddha...

7.5CVSS7AI score0.37336EPSS
Exploits1References3
Nuclei
Nuclei
•added 2 days ago•83 views

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

9.8CVSS7.3AI score0.76526EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•28 views

GrandNode 4.40 - Local File Inclusion

GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. id: CVE-2019-12276 info: name: GrandNode 4.40...

7.5CVSS7.1AI score0.53705EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•24 views

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

9.8CVSS7.4AI score0.82966EPSS
Exploits8References1
Nuclei
Nuclei
•added 2 days ago•40 views

Linear eMerge E3 - Cross-Site Scripting

Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. id: CVE-2019-7255 info: name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via...

6.1CVSS6.6AI score0.55807EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•70 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. id: CVE-2019-2578 info: name: Oracle Fusion...

8.6CVSS7AI score0.72402EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
Nuclei
Nuclei
•added 2 days ago•111 views

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting

Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server...

6.1CVSS6.6AI score0.81466EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•407 views

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7AI score0.53879EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•216 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.4AI score0.84845EPSS
Exploits3References5
Nuclei
Nuclei
•added 2 days ago•106 views

D-Link DNS-320 - Remote Code Execution

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...

10CVSS7.1AI score0.8721EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•38 views

WordPress Social Warfare <3.5.3 - Cross-Site Scripting

WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swpdebug=loadoptions swpurl parameter, affecting Social Warfare and Social Warfare Pro. id: CVE-2019-9978 info: name: WordPress Social Warfare 3.5.3 - Cross-Site Scripting...

6.1CVSS6.7AI score0.73543EPSS
Exploits20References5
Nuclei
Nuclei
•added 2 days ago•32 views

Metinfo 7.0.0 beta - SQL Injection

Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/languagegeneral.class.php via the admin/?n=language&c=languagegeneral&a=doExportPack appno parameter. id: CVE-2019-16997 info: name: Metinfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description:...

7.2CVSS7AI score0.49398EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•108 views

WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval

WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative...

5.8CVSS6.6AI score0.71399EPSS
Exploits4References5
Nuclei
Nuclei
•added 2 days ago•16 views

Zimbra Collaboration Suite - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...

7.5CVSS6.9AI score0.80906EPSS
Exploits10References5
Nuclei
Nuclei
•added 2 days ago•171 views

Jenkins Script Security Plugin <=1.49 - Sandbox Bypass

A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin versions 1.49 and earlier within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on th...

8.8CVSS7AI score0.98428EPSS
Exploits17References6
Nuclei
Nuclei
•added 2 days ago•53 views

Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...

9.8CVSS7.1AI score0.77605EPSS
Exploits1References5
Nuclei
Nuclei
•added 2 days ago•115 views

WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...

9.8CVSS7.1AI score0.71722EPSS
Exploits6References5
Nuclei
Nuclei
•added 2 days ago•17 views

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

9.8CVSS7.1AI score0.87565EPSS
Exploits1References1
Nuclei
Nuclei
•added 2 days ago•259 views

ZZZCMS 1.6.1 - Remote Code Execution

ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzztemplate.php file because the parserIfLabel function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring. id: CVE-2019-9041 info: name: ZZZCMS 1.6.1 - Remote Code Execution...

7.2CVSS7.4AI score0.31421EPSS
Exploits8References5
Nuclei
Nuclei
•added 2 days ago•77 views

Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

9.8CVSS7.2AI score0.53113EPSS
Exploits1
Nuclei
Nuclei
•added 2 days ago•12 views

SmarterMail - Remote Code Execution

SmarterTools SmarterMail build 9511 contains an unauthenticated remote code execution caused by malicious OS command execution via ConnectToHub API method, letting remote attackers execute arbitrary commands, exploit requires no authentication. id: CVE-2026-24423 info: name: SmarterMail - Remote...

9.8CVSS7.6AI score0.87693EPSS
Exploits0References4
Nuclei
Nuclei
•added 2 days ago•77 views

ASUS DSL-AC88U - Authentication Bypass

A vulnerability in the ASUS DSL-AC88U router permits unauthorized individuals to bypass authentication.When adding "/js/..%2f%2f" or "/images/..%2f%2e" to the requested URL, it will be recognized as passing the authentication.This vulnerability is part of a broader authentication bypass issue...

9.8CVSS7.1AI score0.43456EPSS
Exploits0References3
Nuclei
Nuclei
•added 2 days ago•25 views

Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion 1.9.0 - Unauthenticated Plugi...

9.8CVSS7.2AI score0.54754EPSS
Exploits5References4
Nuclei
Nuclei
•added 2 days ago•307 views

Craft CMS - Remote Code Execution via Template Path Manipulation

This template identifies a critical Remote Code Execution RCE vulnerability in Craft CMS, identified as GHSA-2p6p-9rc9-62j9. The vulnerability exists due to improper handling of the --templatesPath query parameter, allowing attackers to execute arbitrary code by referencing malicious Twig...

9.8CVSS7.4AI score0.97446EPSS
Exploits9References5
Nuclei
Nuclei
•added 2 days ago•140 views

ZoneMinder v1.37.* <= 1.37.64 - SQL Injection

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37. = 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65. id: CVE-2024-51482 info: name: ZoneMinder v1.37. = 1.37.64 - SQL Injection author...

9.9CVSS7AI score0.36899EPSS
Exploits8References3
Nuclei
Nuclei
•added 2 days ago•45 views

Veeam Backup & Replication - Unauthenticated

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution RCE. id: CVE-2024-40711 info: name: Veeam Backup & Replication - Unauthenticated author: rootxharsh,iamnoooob,DhiyaneshDK severity: critical description: | A deserializati...

9.8CVSS7.5AI score0.88193EPSS
Exploits3References3
Nuclei
Nuclei
•added 2 days ago•91 views

Atlassian Confluence Data Center and Server - Remote Code Execution

Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X affected versions. This issue allows authenticated attackers to execute arbitrary code. id: CVE-2024-21683 info: name: Atlassian Confluence Data Center and Server - Remote Code Execution autho...

8.8CVSS7.3AI score0.88267EPSS
Exploits9References5
Nuclei
Nuclei
•added 2 days ago•7 views

Adobe ColdFusion - RDS Arbitrary File Write

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. The RDS FILEIO WRITE operation allows unauthenticated...

10CVSS7.5AI score0.28583EPSS
Exploits3References2
Nuclei
Nuclei
•added 2 days ago•293 views

Apache HugeGraph-Server - Remote Command Execution

Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution RC...

9.8CVSS7.2AI score0.9921EPSS
Exploits11References6
Total number of security vulnerabilities4145