4145 matches found
ChanCMS <= 3.1. - Remote Code Execution
yanyutao0402 ChanCMS = 3.1.2 contains an insecure deserialization caused by manipulation of the "targetUrl" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input. id: CVE-2025-8266 info: name:...
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure
1 Click WordPress Migration = 2.2 contains an information disclosure caused by uncleared debug information, letting attackers retrieve embedded sensitive data, exploit requires no specific privileges. id: CVE-2025-32257 info: name: 1 Click WordPress Migration = 2.2 - Unauthenticated Information...
Heimdall - Host Header Injection & Open Redirect
LinuxServer.io Heimdall 2.6.3-ls307 contains a host header injection caused by improper validation of user-supplied HTTP headers X-Forwarded-Host and Referer, letting unauthenticated remote attackers perform host header injection and open redirect attacks, exploit requires no special privileges...
Citrix NetScaler SAML IDP - Memory Overread
NetScaler ADC and NetScaler Gateway contain an insufficient input validation vulnerability when configured as a SAML IDP, leading to memory overread, letting attackers potentially access sensitive memory, exploit requires configuration as SAML IDP id: CVE-2026-3055 info: name: Citrix NetScaler SA...
Mailpit < 1.28.2 - SMTP CRLF Injection
Mailpit 1.28 contains a header injection caused by insufficient regex validation of RCPT TO and MAIL FROM addresses in the SMTP server, letting attackers inject arbitrary SMTP headers, exploit requires crafted email addresses id: CVE-2026-23829 info: name: Mailpit 1.28.2 - SMTP CRLF Injection...
TRUfusion Enterprise <= 7.10.4.0 - Path Traversal
Pre-Auth Path Traversal Allowing to Leak Local server files disclosing sensitive clear-text passwords. id: CVE-2025-27222 info: name: TRUfusion Enterprise = 7.10.4.0 - Path Traversal author: DhiyaneshDK,rcesecurity severity: critical description: | Pre-Auth Path Traversal Allowing to Leak Local...
Course Booking System <= 6.0.6 - SQL Injection
The Course Booking System plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
Landray EIS SQL注入漏洞
Landray EIS 2001 through 2006 contains a SQL injection caused by unsanitized input in Message/fimessagereceiver.aspx?replyid=, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2025-22214 info: name: Landray EIS SQL注入漏洞 author: Ark severity: critical...
12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure
The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5.This makes it possible for unauthenticated attackers to extract sensitive user or configuration data via two AJAX endpoints: tsmlinfo and tsmlgeocodes. id:...
WordPress Download Manager <= 3.2.59 - Reflected XSS
W3 Eden, Inc. Download Manager plugin = 3.2.59 contains a reflected cross-site scripting caused by insufficient input sanitization, letting attackers execute scripts in the context of the victim's browser, exploit requires attacker to craft a malicious link. id: CVE-2022-45836 info: name: WordPre...
Studiocart <= 2.9.0 - Cross-Site Scripting
The Studiocart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if the...
Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Cross-Site Scripting
The Plugin Oficial – Getnet para WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on the 'page' parameter. This makes it possible for unauthenticated attackers to...
WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. The Referer header value is used directly in the href attribute of the "Back"...
WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery
Sygnoos Popup Builder plugin = 4.1.11 for WordPress contains a cross-site request forgery caused by lack of CSRF protection in plugin settings update, letting attackers change settings without authorization, exploit requires victim to visit malicious site or click malicious link. id: CVE-2022-294...
Lazy Blocks <= 3.8.2 - Cross-Site Scripting
Custom Block Builder WordPress plugin 3.8.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to load malicious page. id:...
PropertyHive < 2.1.1 - Cross-Site Scripting
The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'phmessage' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
Stripe Payment Plugin for WooCommerce for WordPress versions up to 3.7.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on 'id' parameter, letting unauthenticated attackers execute arbitrary SQL queries, exploit requires sending crafted 'id' parameter. id:...
WordPress File Manager < 3.0 - Cross-Site Scripting
WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting XSS via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization. id: CVE-2018-16363 info: name: WordPress File Manager 3...
User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...
WordPress MStore API <= 4.0.1 - Unauthenticated SQL Injection
MStore API plugin for WordPress up to version 4.0.1 contains an unauthenticated blind SQL injection caused by insufficient escaping of 'id' parameter in SQL queries, letting attackers execute arbitrary SQL commands without authentication, exploit requires sending crafted requests with malicious...
WordPress List Site Contributors < 1.1.8 - Reflected XSS
WordPress List Site Contributors plugin 1.1.8 contains a reflected XSS caused by insufficient sanitization and escaping of the 'alpha' parameter, letting unauthenticated attackers inject scripts, exploit requires user interaction. id: CVE-2026-0594 info: name: WordPress List Site Contributors 1.1...
WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
ProfileGrid <= 5.7.8 - SQL Injection
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...
Ntopng Authentication Bypass
Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...
IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL...
SpringBlade - Information Leakage
SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGNKEY, which can be exploited by...
SolarView Compact 6.00 - 'pow' Cross-Site Scripting
SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to SolarSlideSub.php. id: CVE-2022-29301 info: name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting author: For3stCo1d severity: high description: | SolarView Compact version 6.00 contains a...
Twonky Server 8.5.2 on Linux and Windows - Log File Exposure
Twonky Server 8.5.2 contains a broken access control vulnerability caused by bypassing web service API authentication, letting unauthenticated attackers read log files with administrator credentials, exploit requires no authentication id: CVE-2025-13315 info: name: Twonky Server 8.5.2 on Linux an...
Odoo - Cross-Site Scripting
Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint. id: CVE-2023-1434 info: name: Odoo - Cross-Si...
Temenos T24 R20 - Cross-Site Scripting
Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
Gladinet CentreStack & Triofox - Hardcoded Credentials
Gladinet CentreStack and Triofox 16.12.10420.56791 contain a hardcoded credentials vulnerability caused by use of hardcoded AES cryptoscheme values, letting attackers perform arbitrary local file inclusion without authentication, potentially leading to full system compromise. id: CVE-2025-14611...
Adobe Commerce - Authentication Bypass
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...
Harman Media Suite <= 4.2.0 - Local File Disclosure
Harman Media Suite versions 4.2.0 and below are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled. id: CVE-2023-39024 info...
Couchbase Server - Broken Access Control
Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit require...
Nodogsplash - Directory Traversal
Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system. id: CVE-2023-39120 info...
Monitorr Services Configuration - Arbitrary File Upload
A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The...
Modular DS - Broken Access Control
Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions. id: CVE-2026-23550 info: name: Modular DS - Broken Access Control author: DhiyaneshDk severity: high...
SmarterTools SmarterMail - Admin Password Reset
Detected a SmartMail admin password reset vulnerability by sending a POST request to the /api/v1/auth/force-reset-password endpoint, indicating that administrative password resets could potentially be triggered without proper authorization. id: CVE-2026-23760 info: name: SmarterTools SmarterMail ...
MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'mwpsetuppurchaseusername' parameter, letting unauthenticated attacke...
Atarim < 4.2.2 - Sensitive Information Exposure
Vito Peleg Atarim = 4.2 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data remotely, exploit requires no special privileges. id: CVE-2025-60188 info: name: Atarim...
Commvault Unauthenticated Password Disclosure (WT-2025-0047)
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...
Zimbra Collaboration - Local File Inclusion
Zimbra Collaboration ZCS 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint. id:...
Vite - Information Disclosure
Vite is a frontend tooling framework for JavaScript.In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended wi...
Omnissa Workspace ONE UEM - Path Traversal
Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information, exploit requires sending crafted requests. id: CVE-2025-25231 info: name: Omnissa Workspace ONE UEM - Path Traversal author:...
Commvault Initial Administrator Login Process Vulnerability
An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...
Eveo URVE Web Manager - Server-Side Request Forgery
Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /internal/redirect.php, letting attackers make requests to internal endpoints, exploit requires crafted URL input. id: CVE-2025-36845 info: name: Eveo URVE Web Manager - Server-Si...
Hoverfly <= 1.11.3 - Remote Code Execution
Hoverfly versions 1.11.3 and below are vulnerable to remote code execution RCE via command injection in the middleware API endpoint /api/v2/hoverfly/middleware. Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the...
HPE OneView - Remote Code Execution
HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code. id: CVE-2025-37164 info: name: HPE OneView - Remote Code Execution author: DhiyaneshDk,garciaizcoa severity: critical description: | HPE OneView contains a remote code execution...
Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution
Advanced Custom Fields: Extended WordPress plugin 0.9.0.5 through 0.9.1.1 contains a remote code execution caused by unsafe use of calluserfuncarray in prepareform function, letting unauthenticated attackers execute arbitrary code remotely. id: CVE-2025-13486 info: name: Advanced Custom Fields...