Lucene search
K
NucleiRecent

4143 matches found

Nuclei
Nuclei
•added 4 days ago•48 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7AI score0.99585EPSS
Exploits5References5
Nuclei
Nuclei
•added 4 days ago•131 views

Apache Tomcat Path Equivalence - Remote Code Execution

Path Equivalence- 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. id: CVE-2025-24813 info: name: Apache Tomcat Path Equivalence - Remote Code Execution...

10CVSS7.2AI score0.99945EPSS
Exploits47References5
Nuclei
Nuclei
•added 4 days ago•143 views

Next.js Middleware Bypass

Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other securit...

9.1CVSS6.8AI score0.99301EPSS
Exploits58References3
Nuclei
Nuclei
•added 4 days ago•63 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...

9.2CVSS7.1AI score0.83479EPSS
Exploits1References3
Nuclei
Nuclei
•added 4 days ago•105 views

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

7.7CVSS6.9AI score0.82238EPSS
Exploits4References5
Nuclei
Nuclei
•added 4 days ago•77 views

F5 iControl REST - Remote Command Execution

F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...

10CVSS7.2AI score0.99898EPSS
Exploits20References5
Nuclei
Nuclei
•added 4 days ago•28 views

SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation

SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security = 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...

9.8CVSS7.1AI score0.83425EPSS
Exploits0References2
Nuclei
Nuclei
•added 4 days ago•286 views

Oracle Access Manager - Remote Code Execution

The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...

9.8CVSS7.1AI score0.96284EPSS
Exploits5References5
Nuclei
Nuclei
•added 4 days ago•87 views

Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting

Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application. id: CVE-2021-26812 info: name: Moodle...

6.1CVSS6.4AI score0.97461EPSS
Exploits1References4
Nuclei
Nuclei
•added 4 days ago•116 views

Tenda Router AC11 - Remote Command Injection

Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-31755 info: name: Tenda Router AC11 - Remote Comman...

10CVSS7.2AI score0.85849EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•60 views

Ivanti Avalanche 6.3.2 - Local File Inclusion

Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder. id: CVE-2021-30497 info: name: Ivanti Avalanche 6.3.2 - Local File Inclusion author: gy741 severity: high description: Ivanti Avalanch...

7.5CVSS7AI score0.9658EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•86 views

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1497 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

10CVSS7.1AI score0.99999EPSS
Exploits6References7
Nuclei
Nuclei
•added 4 days ago•31 views

Metabase - Local File Inclusion

Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map admin-settings-maps-custom maps-add a map support and potential local file inclusion including environment variables. URLs were not...

10CVSS7AI score0.97178EPSS
Exploits5References5
Nuclei
Nuclei
•added 4 days ago•177 views

Apache Solr <=8.8.1 - Server-Side Request Forgery

Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on anothe...

9.8CVSS7AI score0.93053EPSS
Exploits5References5
Nuclei
Nuclei
•added 4 days ago•82 views

Nagios XI 5.7.5 - Cross-Site Scripting

Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with th...

6.1CVSS6.7AI score0.97714EPSS
Exploits3References5
Nuclei
Nuclei
•added 4 days ago•50 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS7.1AI score0.85619EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•22 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7AI score0.97788EPSS
Exploits6References5
Nuclei
Nuclei
•added 4 days ago•38 views

n8n - Remote Code Execution via Expression Injection

n8n 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. id: CVE-2025-68613 info: name: n8n - Remote Code...

9.9CVSS7.6AI score0.97875EPSS
Exploits29References2
Nuclei
Nuclei
•added 4 days ago•23 views

Gladinet CentreStack & TrioFox - Local File Inclusion

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

7.5CVSS6.5AI score0.92094EPSS
Exploits4References4
Nuclei
Nuclei
•added 4 days ago•33 views

Jenkins CLI - HTTP Java Deserialization

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. id: CVE-2016-9299 info: name: Jenkins CLI - HTTP Java Deserialization author:...

9.8CVSS7.3AI score0.96943EPSS
Exploits5References2
Nuclei
Nuclei
•added 4 days ago•19 views

Roundcube Webmail - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php. id: CVE-2024-42009 info: name:...

9.3CVSS7.1AI score0.84446EPSS
Exploits6References3
Nuclei
Nuclei
•added 4 days ago•83 views

SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...

9.8CVSS7.3AI score0.99912EPSS
Exploits7References5
Nuclei
Nuclei
•added 4 days ago•64 views

Cisco HyperFlex HX Data Platform - Arbitrary File Upload

Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user. id:...

5.3CVSS6.3AI score0.80426EPSS
Exploits5References5
Nuclei
Nuclei
•added 4 days ago•196 views

Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

6.9CVSS6.8AI score0.84607EPSS
Exploits0References5
Nuclei
Nuclei
•added 4 days ago•81 views

Resourcespace - Cross-Site Scripting

ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. id: CVE-2021-41951 info: name: Resourcespace - Cross-Site Scripting author: coldfish severity: medium description: ResourceSpac...

6.1CVSS6.4AI score0.77892EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•190 views

Apache Druid - Local File Inclusion

Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of t...

6.5CVSS6.4AI score0.81038EPSS
Exploits3References5
Nuclei
Nuclei
•added 4 days ago•85 views

ASUS GT-AC2900 - Authentication Bypass

ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handlerequest in router/httpd/httpd.c and authcheck in webhook.o. An...

9.8CVSS7.2AI score0.99393EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•250 views

Apache Airflow - Unauthenticated Variable Import

Apache Airflow Airflow =2.0.0 and =2.0.0 and 2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution...

9.8CVSS7.2AI score0.80938EPSS
Exploits2References5
Nuclei
Nuclei
•added 4 days ago•50 views

Draytek VigorConnect 6.0-B3 - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id: CVE-2021-201...

7.8CVSS7.1AI score0.69248EPSS
Exploits1References4
Nuclei
Nuclei
•added 4 days ago•103 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS7.1AI score0.98253EPSS
Exploits54References5
Nuclei
Nuclei
•added 4 days ago•54 views

FLIR AX8 1.46.16 - Remote Command Injection

FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulnerability.The vulnerability exists in the alarm functionality where user-supplied input in the 'id' parameter is not properly sanitized,allowing attackers to inject and execute arbitrary OS...

9.8CVSS7.2AI score0.99607EPSS
Exploits9References3
Nuclei
Nuclei
•added 4 days ago•211 views

Sitecore Experience Platform Pre-Auth RCE

Sitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack where remote commands can be executed by an attacker with no authentication or special configuration required. id: CVE-2021-42237 info: name: Sitecore Experience Platform Pre-Auth RCE author: pdteam...

10CVSS7.1AI score0.97904EPSS
Exploits4References5
Nuclei
Nuclei
•added 4 days ago•65 views

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

5.3CVSS6.8AI score0.84657EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•53 views

ThinVNC 1.0b1 - Authentication Bypass

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a...

9.8CVSS7.1AI score0.96758EPSS
Exploits11References5
Nuclei
Nuclei
•added 4 days ago•43 views

eMerge E3 1.00-06 - Local File Inclusion

Linear eMerge E3-Series devices are vulnerable to local file inclusion. id: CVE-2019-7254 info: name: eMerge E3 1.00-06 - Local File Inclusion author: 0xAkoko severity: high description: Linear eMerge E3-Series devices are vulnerable to local file inclusion. impact: | Successful exploitation of...

7.5CVSS7AI score0.82036EPSS
Exploits8References5
Nuclei
Nuclei
•added 4 days ago•88 views

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

9.8CVSS7.3AI score0.80682EPSS
Exploits4References4
Nuclei
Nuclei
•added 4 days ago•77 views

Jira <8.4.0 - Information Disclosure

Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-8449 info: name: Jira 8.4...

5.3CVSS6.3AI score0.84771EPSS
Exploits8References5
Nuclei
Nuclei
•added 4 days ago•82 views

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

9.8CVSS7AI score0.77956EPSS
Exploits1References5
Nuclei
Nuclei
•added 4 days ago•94 views

Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.3AI score0.96182EPSS
Exploits16References5
Nuclei
Nuclei
•added 4 days ago•17 views

VMware vRealize Log Insight - Improper Access Control to RCE

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. id: CVE-2022-31704 info: name: VMware vRealize Log Insight - Improper Acces...

9.8CVSS7.3AI score0.81011EPSS
Exploits3References3
Nuclei
Nuclei
•added 4 days ago•74 views

Dasan GPON Devices - Remote Code Execution

Dasan GPON home routers are susceptible to command injection which can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...

9.8CVSS7.2AI score0.99948EPSS
Exploits7References5
Nuclei
Nuclei
•added 4 days ago•104 views

cgit < 1.2.1 - Directory Traversal

cGit 1.2.1 via cgitcloneobjects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. id: CVE-2018-14912 info: name: cgit 1.2.1 - Directory Traversal author: 0xAkoko severity: high description: cGit...

7.5CVSS6.9AI score0.93188EPSS
Exploits7References5
Nuclei
Nuclei
•added 4 days ago•51 views

Apache Kylin 3.0.1 - Command Injection Vulnerability

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. id: CVE-2020-1956 info: name: Apache Kylin 3.0.1 - Command Injecti...

9CVSS7.1AI score0.97337EPSS
Exploits2References5
Nuclei
Nuclei
•added 4 days ago•52 views

WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness

ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the /src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator. id: CVE-2021-34621 info: name: WordPress ProfilePress 3.0.0-3.1.3 - Admin Use...

9.8CVSS7AI score0.68862EPSS
Exploits8References4
Nuclei
Nuclei
•added 4 days ago•109 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.1AI score0.98124EPSS
Exploits6References5
Nuclei
Nuclei
•added 4 days ago•162 views

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

9CVSS7.2AI score0.99977EPSS
Exploits40References5
Nuclei
Nuclei
•added 4 days ago•70 views

vRealize Operations Manager API - Server-Side Request Forgery

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. id: CVE-2021-21975 info: name: vRealize Operation...

8.5CVSS7.2AI score0.7829EPSS
Exploits12References3
Nuclei
Nuclei
•added 4 days ago•77 views

ConnectWise ScreenConnect 23.9.7 - Authentication Bypass

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. id: CVE-2024-1709 info: name: ConnectWise ScreenConnect 23.9.7 -...

10CVSS7.1AI score0.99959EPSS
Exploits8References5
Nuclei
Nuclei
•added 4 days ago•787 views

Hikvision IP camera/NVR - Remote Command Execution

Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...

9.8CVSS7.1AI score0.99869EPSS
Exploits23References5
Nuclei
Nuclei
•added 4 days ago•126 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS7AI score0.82585EPSS
Exploits6References5
Total number of security vulnerabilities4143