4143 matches found
Oracle Weblogic Server - Remote Command Execution
Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. id: CVE-2020-14882 info: name: Oracle Weblogic Server - Remote Command Execution author: dwisiswant0 severity:...
WordPress File Manager Plugin - Remote Code Execution
The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. id: CVE-2020-25213 Uploaded file will be accessible at:-...
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...
Jira Server and Data Center - Information Disclosure
Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from...
DrayTek - Remote Code Execution
DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. id: CVE-2020-8515 info: name: DrayTek - Remote Code Execution...
MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database RDB version 2.0.0.1 and earlier contain...
Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. id: CVE-2020-17506 info: name: Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection author:...
Zyxel NAS Firmware 5.21- Remote Code Execution
Multiple Zyxel network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using th...
F5 BIG-IP TMUI - Remote Code Execution
F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages. id: CVE-2020-5902 info: name: ...
WordPress Chop Slider 3 - Blind SQL Injection
WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to getscript/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive informatio...
SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
SAP NetWeaver AS JAVA LM Configuration Wizard, versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an...
Spring Cloud Config Server - Local File Inclusion
Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafte...
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. dot dot in the query string, as exploited in the wild in August 2017, aka SAP Security Note...
Apache Tomcat Servers - Remote Code Execution
Apache Tomcat servers 7.0.0 to 79 are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to t...
ShellShock - Remote Code Execution
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...
Drupal - Remote Code Execution
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. id: CVE-2018-7600 info: name: Drupal - Remote Code Execution author:...
WordPress PHPMailer < 5.2.18 - Remote Code Execution
WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property in isMail transport. id: CVE-2016-10033 info: name: WordPress PHPMailer 5.2.18 - Remote...
MobileIron Core - Remote Unauthenticated API Access
Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. id: CVE-2023-35082 info: name: MobileIron Core - Remote...
PaperCut - Unauthenticated Remote Code Execution
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...
Microsoft Windows 'HTTP.sys' - Remote Code Execution
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." id: CVE-2015-1635 info: name: Microsoft...
MOVEit Transfer - Remote Code Execution
In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...
DbGate - Remote Code Execution via Dynamic Import Bypass
DbGate versions = 7.1.8 are vulnerable to authenticated remote code execution via the POST /runners/load-reader endpoint. The functionName parameter is directly interpolated into a JavaScript code template without sanitization. The require=null mitigation is bypassed via dynamic import. id:...
DbGate - Remote Code Execution via Anonymous JWT
DbGate contains a remote code execution vulnerability exploitable by unauthenticated attackers. The /auth/login endpoint issues anonymous JWT tokens without credentials, and the /runners/start endpoint accepts JavaScript payloads that execute via Node.js childprocess, allowing arbitrary command...
YesWiki < 4.6.4 - Unauthenticated SQL Injection
YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...
Ivanti Sentry - OS Command Injection
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...
PrestaShop - Information Disclosure
User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote attackers to obtain administrators user email addresses via manipulation of the idemployee and resettoken parameters. An attacker who has access to the Back Office login URL can trigger the...
Label Studio < 1.18.0 - Reflected XSS
Label Studio 1.18.0 contains a stored XSS caused by improper sanitization in POST /projects/upload-example/ endpoint, letting attackers inject malicious scripts to hijack sessions and perform unauthorized actions, exploit requires sending crafted requests. id: CVE-2025-47783 info: name: Label...
E-Learning System 1.0 - SQL Injection
E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell, exploit requires no authentication. id: CVE-2021-3239 info: name: E-Learning System 1.0 - SQL Injection author:...
cPanel & WHM - Authentication Bypass via Session-File CRLF Injection
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. id: CVE-2026-41940 info:...
AVideo <= 26.0 - WWBN AVideo - Remote Code Execution
WWBN AVideo = 26.0 contains multiple vulnerabilities in the CloneSite plugin including unauthenticated exposure of clone secret keys and OS command injection in rsync command construction, letting unauthenticated attackers achieve remote code execution. id: CVE-2026-33478 info: name: AVideo = 26....
ZTE ZXHN-F660T/F660A - Default Credentials
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. id: CVE-2025-53558 info: name: ZTE ZXHN-F660T/F660A - Default Credentials author: DhiyaneshDK severity: high...
Wangshen SecGate 3600 Path Traversal Vulnerability
Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'filename' argument in '?g=logexportfile', letting remote attackers access arbitrary files, exploit requires remote access. id: CVE-2025-4078 info: name: Wangshen SecGate 3600 Path Traversal Vulnerability author: A...
WordPress 3D FlipBook Plugin <= 1.16.17 - Sensitive Information Exposure
The 3D FlipBook WordPress plugin ≤ v1.16.17 has a vulnerability where an unauthenticated AJAX action fb3dsendposts exposes sensitive data. Attackers can access all flipbook posts—including password-protected content, metadata, PDF URLs, and plugin settings—without authorization. id: CVE-2025-5822...
Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure
The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wpajaxnoprivalmgetposts allows unauthenticated users to access non-public posts draft, private, pending, future, tras...
WordPress Gerencianet Oficial <= 3.1.3 - Unauthenticated Order Status Disclosure
Efí Bank Gerencianet Oficial = 3.1.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data, exploit requires crafted requests. id: CVE-2025-59136 info: name: WordPress...
Simply Static - Information Disclosure
Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information, exploit requires no specific privileges. id: CVE-2024-32825 info:...
Yoco Payments <= 3.8.8 - Path Traversal
Yoco Payments WordPress plugin = 3.8.8 contains a path traversal caused by improper validation of the file parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2025-13801 info: name: Yoco Payments = 3.8.8 - Path Traversal author: 0xAkoko severity: high...
AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure
AYS AI ChatBot with ChatGPT and Content Generator = 2.6.6 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted input. id: CVE-2025-62039 info:...
React Server Components - Denial of Service
React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause...
AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands, exploit requires the premium module to be active. id: CVE-2022-3254 info: name: AWP...
WP Hotel Booking <= 2.1.0 - SQL Injection
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
WordPress The Wound Theme <= 0.0.1 - Local File Inclusion
The-wound WordPress theme through 0.0.1 contains a local file inclusion caused by insufficient validation of parameters used to generate paths passed to include functions, letting unauthenticated users perform LFI attacks and download arbitrary files from the server. id: CVE-2025-2558 info: name:...
WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion
The Clean Login plugin for WordPress up to version 1.14.5 contains a path traversal caused by the 'template' attribute in the clean-login-register shortcode, letting authenticated attackers with contributor access include and execute arbitrary files, exploit requires attacker to have contributor ...
GestSup - Cross-Site Scripting
GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar. id: CVE-2024-23167 info: name: GestSup - Cross-Site Scripting author: eeche,chae1xx1os,persona-twotwo,soonghee2,gy741 severity: high description: | GestS...
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure
The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled. id: CVE-2023-406...
AnythingLLM - Information Disclosure
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
UsersWP <= 1.2.10 - Unauthenticated SQL Injection
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwpsortby' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries,...
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure
1 Click WordPress Migration = 2.2 contains an information disclosure caused by uncleared debug information, letting attackers retrieve embedded sensitive data, exploit requires no specific privileges. id: CVE-2025-32257 info: name: 1 Click WordPress Migration = 2.2 - Unauthenticated Information...
ChanCMS <= 3.1. - Remote Code Execution
yanyutao0402 ChanCMS = 3.1.2 contains an insecure deserialization caused by manipulation of the "targetUrl" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input. id: CVE-2025-8266 info: name:...
Rocket TRUfusion Enterprise - Server Side Request Forgery
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource. id: CVE-2025-32355 info: name: Rocket TRUfusi...