Lucene search
K
NucleiRecent

4143 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.75 views

Oracle Weblogic Server - Remote Command Execution

Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. id: CVE-2020-14882 info: name: Oracle Weblogic Server - Remote Command Execution author: dwisiswant0 severity:...

10CVSS8.9AI score0.99997EPSS
Exploits41References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.998 views

WordPress File Manager Plugin - Remote Code Execution

The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. id: CVE-2020-25213 Uploaded file will be accessible at:-...

10CVSS9.1AI score0.97328EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.49 views

Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...

7.5CVSS7.8AI score0.99992EPSS
Exploits24References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.58 views

Jira Server and Data Center - Information Disclosure

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from...

5.3CVSS6.4AI score0.99603EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.232 views

DrayTek - Remote Code Execution

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. id: CVE-2020-8515 info: name: DrayTek - Remote Code Execution...

10CVSS9.2AI score0.99993EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.73 views

MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database RDB version 2.0.0.1 and earlier contain...

9.8CVSS9.8AI score0.99737EPSS
Exploits4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.113 views

Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. id: CVE-2020-17506 info: name: Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection author:...

9.8CVSS8.7AI score0.93967EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.213 views

Zyxel NAS Firmware 5.21- Remote Code Execution

Multiple Zyxel network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using th...

10CVSS9.9AI score0.99988EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.52 views

F5 BIG-IP TMUI - Remote Code Execution

F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages. id: CVE-2020-5902 info: name: ...

10CVSS7.9AI score0.99999EPSS
Exploits60References12
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.88 views

WordPress Chop Slider 3 - Blind SQL Injection

WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to getscript/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive informatio...

9.8CVSS9AI score0.95657EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.98 views

SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition

SAP NetWeaver AS JAVA LM Configuration Wizard, versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an...

10CVSS8.9AI score0.94719EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.41 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafte...

7.5CVSS6.8AI score0.95586EPSS
Exploits3References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.167 views

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. dot dot in the query string, as exploited in the wild in August 2017, aka SAP Security Note...

7.5CVSS8.7AI score0.94557EPSS
Exploits3References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.77 views

Apache Tomcat Servers - Remote Code Execution

Apache Tomcat servers 7.0.0 to 79 are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to t...

8.1CVSS8.7AI score0.99607EPSS
Exploits18References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.287 views

ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS9.1AI score0.99999EPSS
Exploits141References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.54 views

Drupal - Remote Code Execution

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. id: CVE-2018-7600 info: name: Drupal - Remote Code Execution author:...

9.8CVSS8.5AI score0.99993EPSS
Exploits46References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.49 views

WordPress PHPMailer < 5.2.18 - Remote Code Execution

WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property in isMail transport. id: CVE-2016-10033 info: name: WordPress PHPMailer 5.2.18 - Remote...

9.8CVSS8AI score0.99714EPSS
Exploits58References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.216 views

MobileIron Core - Remote Unauthenticated API Access

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. id: CVE-2023-35082 info: name: MobileIron Core - Remote...

10CVSS8.7AI score0.99999EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.193 views

PaperCut - Unauthenticated Remote Code Execution

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

9.8CVSS9.2AI score0.99999EPSS
Exploits24References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.926 views

Microsoft Windows 'HTTP.sys' - Remote Code Execution

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." id: CVE-2015-1635 info: name: Microsoft...

10CVSS9.1AI score0.99999EPSS
Exploits16References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.216 views

MOVEit Transfer - Remote Code Execution

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

9.8CVSS8.7AI score0.99934EPSS
Exploits15References5
Nuclei
Nuclei
added 2026/06/15 7:8 a.m.21 views

DbGate - Remote Code Execution via Dynamic Import Bypass

DbGate versions = 7.1.8 are vulnerable to authenticated remote code execution via the POST /runners/load-reader endpoint. The functionName parameter is directly interpolated into a JavaScript code template without sanitization. The require=null mitigation is bypassed via dynamic import. id:...

6.2AI score0.00289EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/15 7:3 a.m.14 views

DbGate - Remote Code Execution via Anonymous JWT

DbGate contains a remote code execution vulnerability exploitable by unauthenticated attackers. The /auth/login endpoint issues anonymous JWT tokens without credentials, and the /runners/start endpoint accepts JavaScript payloads that execute via Node.js childprocess, allowing arbitrary command...

6.4AI score0.00336EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/15 7:3 a.m.11 views

YesWiki < 4.6.4 - Unauthenticated SQL Injection

YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...

5.8AI score0.0004EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/13 1:20 p.m.14 views

Ivanti Sentry - OS Command Injection

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...

10CVSS6.2AI score0.99041EPSS
Exploits6References2
Nuclei
Nuclei
added 2026/06/08 5:28 a.m.26 views

PrestaShop - Information Disclosure

User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote attackers to obtain administrators user email addresses via manipulation of the idemployee and resettoken parameters. An attacker who has access to the Back Office login URL can trigger the...

3.7CVSS5.3AI score0.00755EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/06/04 3:48 a.m.16 views

Label Studio < 1.18.0 - Reflected XSS

Label Studio 1.18.0 contains a stored XSS caused by improper sanitization in POST /projects/upload-example/ endpoint, letting attackers inject malicious scripts to hijack sessions and perform unauthorized actions, exploit requires sending crafted requests. id: CVE-2025-47783 info: name: Label...

7.6CVSS5.8AI score0.0054EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/06/03 6:13 a.m.16 views

E-Learning System 1.0 - SQL Injection

E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell, exploit requires no authentication. id: CVE-2021-3239 info: name: E-Learning System 1.0 - SQL Injection author:...

9.8CVSS7.8AI score0.17933EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/05/04 4:18 a.m.79 views

cPanel & WHM - Authentication Bypass via Session-File CRLF Injection

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. id: CVE-2026-41940 info:...

9.8CVSS6AI score0.981EPSS
Exploits64References5
Nuclei
Nuclei
added 2026/04/30 5:10 a.m.6 views

AVideo <= 26.0 - WWBN AVideo - Remote Code Execution

WWBN AVideo = 26.0 contains multiple vulnerabilities in the CloneSite plugin including unauthenticated exposure of clone secret keys and OS command injection in rsync command construction, letting unauthenticated attackers achieve remote code execution. id: CVE-2026-33478 info: name: AVideo = 26....

10CVSS5.7AI score0.13266EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/04/30 5:10 a.m.29 views

ZTE ZXHN-F660T/F660A - Default Credentials

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. id: CVE-2025-53558 info: name: ZTE ZXHN-F660T/F660A - Default Credentials author: DhiyaneshDK severity: high...

8.8CVSS8AI score0.0135EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/04/30 5:10 a.m.7 views

Wangshen SecGate 3600 Path Traversal Vulnerability

Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'filename' argument in '?g=logexportfile', letting remote attackers access arbitrary files, exploit requires remote access. id: CVE-2025-4078 info: name: Wangshen SecGate 3600 Path Traversal Vulnerability author: A...

5.3CVSS4.9AI score0.00966EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/04/23 12:18 p.m.48 views

WordPress 3D FlipBook Plugin <= 1.16.17 - Sensitive Information Exposure

The 3D FlipBook WordPress plugin ≤ v1.16.17 has a vulnerability where an unauthenticated AJAX action fb3dsendposts exposes sensitive data. Attackers can access all flipbook posts—including password-protected content, metadata, PDF URLs, and plugin settings—without authorization. id: CVE-2025-5822...

5.3CVSS5.7AI score0.00706EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/04/23 11:14 a.m.37 views

Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure

The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wpajaxnoprivalmgetposts allows unauthenticated users to access non-public posts draft, private, pending, future, tras...

5.3CVSS5.7AI score0.00661EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/04/23 10:9 a.m.46 views

WordPress Gerencianet Oficial <= 3.1.3 - Unauthenticated Order Status Disclosure

Efí Bank Gerencianet Oficial = 3.1.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data, exploit requires crafted requests. id: CVE-2025-59136 info: name: WordPress...

5.3CVSS5.8AI score0.00626EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/04/23 8:24 a.m.14 views

Simply Static - Information Disclosure

Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information, exploit requires no specific privileges. id: CVE-2024-32825 info:...

7.5CVSS5.7AI score0.02015EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/04/23 8:24 a.m.26 views

Yoco Payments <= 3.8.8 - Path Traversal

Yoco Payments WordPress plugin = 3.8.8 contains a path traversal caused by improper validation of the file parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2025-13801 info: name: Yoco Payments = 3.8.8 - Path Traversal author: 0xAkoko severity: high...

7.5CVSS5.9AI score0.01709EPSS
Exploits0
Nuclei
Nuclei
added 2026/04/23 7:16 a.m.9 views

AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure

AYS AI ChatBot with ChatGPT and Content Generator = 2.6.6 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted input. id: CVE-2025-62039 info:...

7.5CVSS5.8AI score0.01273EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/04/16 6:43 a.m.25 views

React Server Components - Denial of Service

React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause...

7.5CVSS6.5AI score0.65592EPSS
Exploits13References3
Nuclei
Nuclei
added 2026/04/14 2:54 a.m.39 views

AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection

WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands, exploit requires the premium module to be active. id: CVE-2022-3254 info: name: AWP...

9.8CVSS7.5AI score0.05103EPSS
Exploits2References2
Nuclei
Nuclei
added 2026/04/13 4:19 a.m.16 views

WP Hotel Booking <= 2.1.0 - SQL Injection

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

10CVSS5.9AI score0.04186EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/04/09 12:38 p.m.6 views

WordPress The Wound Theme <= 0.0.1 - Local File Inclusion

The-wound WordPress theme through 0.0.1 contains a local file inclusion caused by insufficient validation of parameters used to generate paths passed to include functions, letting unauthenticated users perform LFI attacks and download arbitrary files from the server. id: CVE-2025-2558 info: name:...

8.6CVSS7.4AI score0.02134EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/04/09 11:29 a.m.7 views

WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion

The Clean Login plugin for WordPress up to version 1.14.5 contains a path traversal caused by the 'template' attribute in the clean-login-register shortcode, letting authenticated attackers with contributor access include and execute arbitrary files, exploit requires attacker to have contributor ...

8.8CVSS6.1AI score0.03034EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/04/09 3:47 a.m.31 views

GestSup - Cross-Site Scripting

GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar. id: CVE-2024-23167 info: name: GestSup - Cross-Site Scripting author: eeche,chae1xx1os,persona-twotwo,soonghee2,gy741 severity: high description: | GestS...

5.9AI score
Exploits0References3
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.16 views

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure

The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled. id: CVE-2023-406...

7.5CVSS7.1AI score0.02036EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.16 views

AnythingLLM - Information Disclosure

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

8.7CVSS5.9AI score0.01566EPSS
Exploits1
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.32 views

UsersWP <= 1.2.10 - Unauthenticated SQL Injection

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwpsortby' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries,...

9.8CVSS6.1AI score0.024EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.10 views

1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure

1 Click WordPress Migration = 2.2 contains an information disclosure caused by uncleared debug information, letting attackers retrieve embedded sensitive data, exploit requires no specific privileges. id: CVE-2025-32257 info: name: 1 Click WordPress Migration = 2.2 - Unauthenticated Information...

5.3CVSS7.2AI score0.00801EPSS
Exploits0
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.10 views

ChanCMS <= 3.1. - Remote Code Execution

yanyutao0402 ChanCMS = 3.1.2 contains an insecure deserialization caused by manipulation of the "targetUrl" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input. id: CVE-2025-8266 info: name:...

6.5CVSS6.9AI score0.00971EPSS
Exploits1References4
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.11 views

Rocket TRUfusion Enterprise - Server Side Request Forgery

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource. id: CVE-2025-32355 info: name: Rocket TRUfusi...

7.9CVSS7.4AI score0.01249EPSS
Exploits1References2
Total number of security vulnerabilities4143