Lucene search
K
NucleiRecent

4143 matches found

Nuclei
Nuclei
added 2026/07/02 9:36 a.m.166 views

WordPress wpDiscuz <=7.0.4 - Remote Code Execution

WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. id: CVE-2020-24186 info: nam...

10CVSS8.1AI score0.94535EPSS
Exploits19References5
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.70 views

Fuel CMS 1.4.7 - SQL Injection

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. id: CVE-2020-17463 info: name: Fuel CMS 1.4.7 - SQL Injection author: Thirukrishnan severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to...

9.8CVSS7.6AI score0.90044EPSS
Exploits4References5
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.30 views

Apache HTTP Server - Remote Code Execution

Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in modproxyuwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests. id: CVE-2020-1198...

9.8CVSS7.7AI score0.90039EPSS
Exploits2References2
Nuclei
Nuclei
added 2026/07/01 11:28 a.m.11 views

FOSSBilling - Server-Side Template Injection

A Server-Side Template Injection SSTI vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint can inject arbitrary Twig...

9.4CVSS6.2AI score0.01892EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.137 views

WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. i...

9.8CVSS7.3AI score0.90339EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.157 views

TP-Link Archer C20 - Authentication Bypass

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...

7.6AI score0.03211EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.41 views

Ulterius Server < 1.9.5.0 - Directory Traversal

Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. id: CVE-2017-16806 info: name: Ulterius Server 1.9.5.0 - Directory Traversal author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allow...

7.5CVSS7.1AI score0.91496EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.86 views

nostromo 1.9.6 - Remote Code Execution

nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function httpverify. id: CVE-2019-16278 info: name: nostromo 1.9.6 - Remote Code Execution author: pikpikcu severity: critical description: nostromo nhttpd through 1.9.6 allows an...

9.8CVSS7.9AI score0.99057EPSS
Exploits24References5
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.115 views

Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery

Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. id: CVE-2018-1000600...

8.8CVSS7.3AI score0.90894EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.353 views

GeoServer <1.2.2 - Remote Code Execution

Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. id:...

10CVSS7.5AI score0.98739EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.9 views

WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection

The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

9.3CVSS5.8AI score0.0172EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.496 views

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

9.8CVSS7.8AI score0.99628EPSS
Exploits13References7
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.31 views

EyesOfNetwork - Hardcoded API Key

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. id: CVE-2020-8657 info: name:...

9.8CVSS7.3AI score0.91874EPSS
Exploits4References2
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.264 views

Primetek Primefaces 5.x - Remote Code Execution

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. id: CVE-2017-1000486 info: name: Primetek Primefaces 5.x - Remote Code Execution author: Moritz Nentwig severity: critical description: Primetek Primefaces 5.x is vulnerable to a weak encryption fl...

9.8CVSS7.8AI score0.94104EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.218 views

Progress Kemp LoadMaster - Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...

10CVSS7.7AI score0.95388EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.22 views

Zimbra Collaboration - Unrestricted File Upload

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

9.8CVSS7.7AI score0.95478EPSS
Exploits7References2
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.69 views

Agentejo Cockpit < 0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value. id: CVE-2020-35846 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critic...

9.8CVSS7.3AI score0.93201EPSS
Exploits10References5
Nuclei
Nuclei
added 2026/06/29 5:52 a.m.48 views

CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution

CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...

9.8CVSS8.3AI score0.99995EPSS
Exploits12References5
Nuclei
Nuclei
added 2026/06/29 5:52 a.m.65 views

Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive informatio...

5.3CVSS6.7AI score0.99298EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/29 5:52 a.m.153 views

Apache Struts2 S2-057 - Remote Code Execution

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS8AI score0.99993EPSS
Exploits41References5
Nuclei
Nuclei
added 2026/06/29 5:52 a.m.654 views

SPIP - Remote Command Execution

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. id: CVE-2023-27372 info: name: SPIP - Remote Command Execution author: DhiyaneshDK,nuts7 severity: critical description: ...

9.8CVSS7.4AI score0.99637EPSS
Exploits23References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.235 views

SAP Memory Pipes (MPI) Desynchronization

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...

10CVSS7.7AI score0.97945EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.59 views

SysAid Server - Remote Code Execution

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. id: CVE-2023-47246 info: name: SysAid Server - Remote Code Execution author: iamnoooob,rootxharsh,pdresearc...

9.8CVSS7.9AI score0.98851EPSS
Exploits3References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.19 views

dotCMS Core Publish Audit API - Unauthenticated SQL Injection

dotCMS Core 25.11.04-1 through 26.04.28-02 contains an SQL injection caused by unsanitized input in Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, letting remote unauthenticated attackers read, modify, or destroy arbitrary database content, exploit requires ...

10CVSS6AI score0.01584EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.55 views

WP Time Capsule Plugin - Remote Code Execution

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...

9.8CVSS8AI score0.93709EPSS
Exploits7References6
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.119 views

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

10CVSS8.1AI score0.9348EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.83 views

Cleo Harmony < 5.8.0.24 - File Upload Vulnerability

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. id: CVE-2024-55956 info: name: Cleo Harmony...

9.8CVSS7.8AI score0.93804EPSS
Exploits4References2
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.74 views

WhatsUp Gold HasErrors SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6670 info: name: WhatsUp Gold HasErrors SQL Injection - Authentication Bypass author: DhiyaneshDK,princechaddha severity:...

9.8CVSS7.6AI score0.94661EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.249 views

Skype for Business 2019 (SfB) - Blind Server-side Request Forgery

Skype Pre-Auth Server-side Request Forgery SSRF vulnerability id: CVE-2023-41763 info: name: Skype for Business 2019 SfB - Blind Server-side Request Forgery author: hateshape severity: medium description: | Skype Pre-Auth Server-side Request Forgery SSRF vulnerability impact: | Unauthenticated...

5.3CVSS7AI score0.90353EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.48 views

OctoberCMS - Account Takeover

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...

9.1CVSS7.5AI score0.90418EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.52 views

Apache Struts 2.0.0-2.5.25 - Remote Code Execution

Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. id: CVE-2020-17530 info: name: Apache Struts 2.0.0-2.5.25 - Remote Code Execution author: pikpikcu severity: critical...

9.8CVSS7.5AI score0.95922EPSS
Exploits11References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.47 views

DotCMS - Arbitrary File Upload

DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions. id: CVE-2022-26352 info: name: DotCMS - Arbitrary File Upload author: h1ei1 severity: critical description: DotCM...

9.8CVSS7.6AI score0.91501EPSS
Exploits4References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.65 views

Oracle Business Intelligence/XML Publisher - XML External Entity Injection

Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack. id: CVE-2019-2616 info: name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection author: pdteam severity: high description: Oracle...

7.2CVSS7.1AI score0.92183EPSS
Exploits4References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.65 views

Apache Solr <=8.3.1 - Remote Code Execution

Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...

7.5CVSS7.7AI score0.98567EPSS
Exploits12References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.442 views

Apache Axis2 Default Login

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. id: CVE-2010-02...

10CVSS6.2AI score0.89871EPSS
Exploits17References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.63 views

Zoho ManageEngine OpManger - Arbitrary File Read

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. id: CVE-2020-12116 info: name: Zoho ManageEngine OpManger - Arbitrary File Read author:...

7.5CVSS7.2AI score0.97418EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.168 views

ZyXel USG - Hardcoded Credentials

A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...

10CVSS7.6AI score0.90049EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.16 views

WS_FTP Server - Insecure Deserialization

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...

10CVSS7.7AI score0.9015EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.75 views

Intel Active Management - Authentication Bypass

Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology AMT and Intel Standard Manageability. A non-privileged local attacker can provision...

10CVSS7AI score0.92189EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.110 views

Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

9.8CVSS7.8AI score0.97846EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.25 views

Adobe Commerce (Magento) - Remote Code Execution

Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...

10CVSS7.8AI score0.99199EPSS
Exploits5References4
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.408 views

Ingress-Nginx Controller - Remote Code Execution

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

9.8CVSS7.6AI score0.99098EPSS
Exploits20References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.268 views

CraftCMS - Remote Code Execution

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

10CVSS7.9AI score0.99803EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.80 views

Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution

Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. id: CVE-2021-40539 info: name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution author:...

9.8CVSS7.9AI score0.9896EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.139 views

Apache Struts 2 - Remote Command Execution

Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a...

10CVSS7.8AI score0.99999EPSS
Exploits44References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.27 views

Majordomo2 - SMTP/HTTP Directory Traversal

A directory traversal vulnerability in the listfileget function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. dot dot sequences in the help command, as demonstrated using 1 a crafted email and 2 cgi-bin/mjwwwusr in the web interface. id:...

5CVSS7.8AI score0.95388EPSS
Exploits10References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.77 views

Apache OFBiz - Remote Code Execution

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45507 info: name: Apache OFBiz -...

9.8CVSS8.3AI score0.93243EPSS
Exploits0References6
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.199 views

Apache Struts2 S2-052 - Remote Code Execution

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads. id: CVE-2017-9805 info: name:...

8.1CVSS7.7AI score0.99461EPSS
Exploits23References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.230 views

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS7.8AI score0.99427EPSS
Exploits10References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.85 views

Openfire Administration Console - Authentication Bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

8.6CVSS7.4AI score0.99999EPSS
Exploits15References5
Total number of security vulnerabilities4143