Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
added 2026/04/03 7:34 a.m.10 views

ChanCMS <= 3.1. - Remote Code Execution

yanyutao0402 ChanCMS = 3.1.2 contains an insecure deserialization caused by manipulation of the "targetUrl" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input. id: CVE-2025-8266 info: name:...

6.5CVSS6.9AI score0.00971EPSS
Exploits1References4
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.10 views

1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure

1 Click WordPress Migration = 2.2 contains an information disclosure caused by uncleared debug information, letting attackers retrieve embedded sensitive data, exploit requires no specific privileges. id: CVE-2025-32257 info: name: 1 Click WordPress Migration = 2.2 - Unauthenticated Information...

5.3CVSS7.2AI score0.00801EPSS
Exploits0
Nuclei
Nuclei
added 2026/04/02 5:22 a.m.31 views

Heimdall - Host Header Injection & Open Redirect

LinuxServer.io Heimdall 2.6.3-ls307 contains a host header injection caused by improper validation of user-supplied HTTP headers X-Forwarded-Host and Referer, letting unauthenticated remote attackers perform host header injection and open redirect attacks, exploit requires no special privileges...

9.8CVSS5.9AI score0.02779EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/03/30 4:19 p.m.32 views

Citrix NetScaler SAML IDP - Memory Overread

NetScaler ADC and NetScaler Gateway contain an insufficient input validation vulnerability when configured as a SAML IDP, leading to memory overread, letting attackers potentially access sensitive memory, exploit requires configuration as SAML IDP id: CVE-2026-3055 info: name: Citrix NetScaler SA...

9.8CVSS7.4AI score0.83996EPSS
Exploits7References3
Nuclei
Nuclei
added 2026/03/30 4:20 a.m.10 views

Mailpit < 1.28.2 - SMTP CRLF Injection

Mailpit 1.28 contains a header injection caused by insufficient regex validation of RCPT TO and MAIL FROM addresses in the SMTP server, letting attackers inject arbitrary SMTP headers, exploit requires crafted email addresses id: CVE-2026-23829 info: name: Mailpit 1.28.2 - SMTP CRLF Injection...

5.3CVSS5.9AI score0.01441EPSS
Exploits4References2
Nuclei
Nuclei
added 2026/03/09 5:27 a.m.15 views

TRUfusion Enterprise <= 7.10.4.0 - Path Traversal

Pre-Auth Path Traversal Allowing to Leak Local server files disclosing sensitive clear-text passwords. id: CVE-2025-27222 info: name: TRUfusion Enterprise = 7.10.4.0 - Path Traversal author: DhiyaneshDK,rcesecurity severity: critical description: | Pre-Auth Path Traversal Allowing to Leak Local...

8.6CVSS5.8AI score0.01895EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/03/06 11:22 p.m.9 views

Course Booking System <= 6.0.6 - SQL Injection

The Course Booking System plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.3CVSS5.8AI score0.02847EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/16 1:49 a.m.14 views

Landray EIS SQL注入漏洞

Landray EIS 2001 through 2006 contains a SQL injection caused by unsanitized input in Message/fimessagereceiver.aspx?replyid=, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2025-22214 info: name: Landray EIS SQL注入漏洞 author: Ark severity: critical...

4.3CVSS6AI score0.01262EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/02/12 11:17 a.m.11 views

12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure

The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5.This makes it possible for unauthenticated attackers to extract sensitive user or configuration data via two AJAX endpoints: tsmlinfo and tsmlgeocodes. id:...

5.3CVSS5.5AI score0.00933EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/12 8:3 a.m.10 views

WordPress Download Manager <= 3.2.59 - Reflected XSS

W3 Eden, Inc. Download Manager plugin = 3.2.59 contains a reflected cross-site scripting caused by insufficient input sanitization, letting attackers execute scripts in the context of the victim's browser, exploit requires attacker to craft a malicious link. id: CVE-2022-45836 info: name: WordPre...

7.1CVSS5.2AI score0.00685EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/12 5:7 a.m.9 views

Studiocart <= 2.9.0 - Cross-Site Scripting

The Studiocart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if the...

7.1CVSS5.8AI score0.00376EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/02/12 5:7 a.m.11 views

Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Cross-Site Scripting

The Plugin Oficial – Getnet para WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on the 'page' parameter. This makes it possible for unauthenticated attackers to...

6.1CVSS5.8AI score0.00525EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/02/12 12:4 a.m.8 views

WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header

The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. The Referer header value is used directly in the href attribute of the "Back"...

6.1CVSS5.5AI score0.00679EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/12 12:3 a.m.11 views

WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery

Sygnoos Popup Builder plugin = 4.1.11 for WordPress contains a cross-site request forgery caused by lack of CSRF protection in plugin settings update, letting attackers change settings without authorization, exploit requires victim to visit malicious site or click malicious link. id: CVE-2022-294...

5.4CVSS5.1AI score0.0043EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/11 6:48 p.m.11 views

Lazy Blocks <= 3.8.2 - Cross-Site Scripting

Custom Block Builder WordPress plugin 3.8.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to load malicious page. id:...

7.1CVSS5.2AI score0.00593EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/11 4:55 p.m.9 views

PropertyHive < 2.1.1 - Cross-Site Scripting

The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'phmessage' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.8AI score0.00609EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/10 11:24 a.m.12 views

Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

Stripe Payment Plugin for WooCommerce for WordPress versions up to 3.7.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on 'id' parameter, letting unauthenticated attackers execute arbitrary SQL queries, exploit requires sending crafted 'id' parameter. id:...

9.8CVSS6.1AI score0.02657EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/09 9:43 a.m.8 views

WordPress File Manager < 3.0 - Cross-Site Scripting

WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting XSS via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization. id: CVE-2018-16363 info: name: WordPress File Manager 3...

5.4CVSS5.1AI score0.0139EPSS
Exploits2References4
Nuclei
Nuclei
added 2026/02/09 8:27 a.m.26 views

User Submitted Posts <= 20251121 - Unauthenticated Open Redirect

The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...

4.7CVSS5.5AI score0.00475EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/09 7:56 a.m.34 views

WordPress MStore API <= 4.0.1 - Unauthenticated SQL Injection

MStore API plugin for WordPress up to version 4.0.1 contains an unauthenticated blind SQL injection caused by insufficient escaping of 'id' parameter in SQL queries, letting attackers execute arbitrary SQL commands without authentication, exploit requires sending crafted requests with malicious...

9.8CVSS6.1AI score0.03902EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/07 12:3 a.m.11 views

WordPress List Site Contributors < 1.1.8 - Reflected XSS

WordPress List Site Contributors plugin 1.1.8 contains a reflected XSS caused by insufficient sanitization and escaping of the 'alpha' parameter, letting unauthenticated attackers inject scripts, exploit requires user interaction. id: CVE-2026-0594 info: name: WordPress List Site Contributors 1.1...

6.1CVSS5.2AI score0.00693EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/06 11:12 a.m.10 views

WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS5.7AI score0.01453EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/05 7:9 a.m.12 views

ProfileGrid <= 5.7.8 - SQL Injection

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...

9.8CVSS8.6AI score0.02267EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.166 views

Ntopng Authentication Bypass

Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...

9.8CVSS9.2AI score0.14195EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.146 views

IBM WebSphere HCL Digital Experience - Server-Side Request Forgery

IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL...

5.6AI score
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.86 views

SpringBlade - Information Leakage

SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGNKEY, which can be exploited by...

6.7AI score
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.68 views

SolarView Compact 6.00 - 'pow' Cross-Site Scripting

SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to SolarSlideSub.php. id: CVE-2022-29301 info: name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting author: For3stCo1d severity: high description: | SolarView Compact version 6.00 contains a...

6.2AI score
Exploits3References4
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.20 views

Twonky Server 8.5.2 on Linux and Windows - Log File Exposure

Twonky Server 8.5.2 contains a broken access control vulnerability caused by bypassing web service API authentication, letting unauthenticated attackers read log files with administrator credentials, exploit requires no authentication id: CVE-2025-13315 info: name: Twonky Server 8.5.2 on Linux an...

9.8CVSS6.8AI score0.32548EPSS
Exploits3References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.201 views

Odoo - Cross-Site Scripting

Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint. id: CVE-2023-1434 info: name: Odoo - Cross-Si...

6.9AI score
Exploits0References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.295 views

Temenos T24 R20 - Cross-Site Scripting

Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.5AI score
Exploits0References5
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.9 views

Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS7.5AI score0.60875EPSS
Exploits5References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.21 views

Gladinet CentreStack & Triofox - Hardcoded Credentials

Gladinet CentreStack and Triofox 16.12.10420.56791 contain a hardcoded credentials vulnerability caused by use of hardcoded AES cryptoscheme values, letting attackers perform arbitrary local file inclusion without authentication, potentially leading to full system compromise. id: CVE-2025-14611...

9.8CVSS6.8AI score0.50949EPSS
Exploits3References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.23 views

Adobe Commerce - Authentication Bypass

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...

9.1CVSS6.9AI score0.96742EPSS
Exploits9References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.30 views

Harman Media Suite <= 4.2.0 - Local File Disclosure

Harman Media Suite versions 4.2.0 and below are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled. id: CVE-2023-39024 info...

6.9AI score
Exploits1References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.9 views

Couchbase Server - Broken Access Control

Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit require...

9.8CVSS7AI score0.03939EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.50 views

Nodogsplash - Directory Traversal

Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system. id: CVE-2023-39120 info...

6.9AI score
Exploits0References4
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.206 views

Monitorr Services Configuration - Arbitrary File Upload

A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The...

8.7AI score
Exploits7References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.14 views

Modular DS - Broken Access Control

Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions. id: CVE-2026-23550 info: name: Modular DS - Broken Access Control author: DhiyaneshDk severity: high...

9.8CVSS5.6AI score0.20631EPSS
Exploits8References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.9 views

SmarterTools SmarterMail - Admin Password Reset

Detected a SmartMail admin password reset vulnerability by sending a POST request to the /api/v1/auth/force-reset-password endpoint, indicating that administrative password resets could potentially be triggered without proper authorization. id: CVE-2026-23760 info: name: SmarterTools SmarterMail ...

9.8CVSS7.7AI score0.96268EPSS
Exploits3References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.13 views

MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting

MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'mwpsetuppurchaseusername' parameter, letting unauthenticated attacke...

7.2CVSS6.5AI score0.01228EPSS
Exploits3References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.12 views

Atarim < 4.2.2 - Sensitive Information Exposure

Vito Peleg Atarim = 4.2 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data remotely, exploit requires no special privileges. id: CVE-2025-60188 info: name: Atarim...

7.5CVSS5.2AI score0.02882EPSS
Exploits2References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.15 views

Commvault Unauthenticated Password Disclosure (WT-2025-0047)

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...

6.9CVSS7.3AI score0.02721EPSS
Exploits4References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.23 views

Zimbra Collaboration - Local File Inclusion

Zimbra Collaboration ZCS 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint. id:...

8.8CVSS5.8AI score0.31769EPSS
Exploits5References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.13 views

Vite - Information Disclosure

Vite is a frontend tooling framework for JavaScript.In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended wi...

6CVSS7.2AI score0.01031EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.14 views

Omnissa Workspace ONE UEM - Path Traversal

Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information, exploit requires sending crafted requests. id: CVE-2025-25231 info: name: Omnissa Workspace ONE UEM - Path Traversal author:...

7.5CVSS6.5AI score0.20348EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.19 views

Commvault Initial Administrator Login Process Vulnerability

An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...

5.4CVSS7.3AI score0.01104EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.11 views

Eveo URVE Web Manager - Server-Side Request Forgery

Eveo URVE Web Manager 27.02.2025 contains a server-side request forgery caused by improper validation of URL input in /internal/redirect.php, letting attackers make requests to internal endpoints, exploit requires crafted URL input. id: CVE-2025-36845 info: name: Eveo URVE Web Manager - Server-Si...

8.6CVSS5.4AI score0.0158EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.34 views

Hoverfly <= 1.11.3 - Remote Code Execution

Hoverfly versions 1.11.3 and below are vulnerable to remote code execution RCE via command injection in the middleware API endpoint /api/v2/hoverfly/middleware. Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the...

9.8CVSS9AI score0.10543EPSS
Exploits7References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.13 views

HPE OneView - Remote Code Execution

HPE OneView contains a remote code execution vulnerability, letting remote attackers execute arbitrary code. id: CVE-2025-37164 info: name: HPE OneView - Remote Code Execution author: DhiyaneshDk,garciaizcoa severity: critical description: | HPE OneView contains a remote code execution...

10CVSS7AI score0.89733EPSS
Exploits8References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.30 views

Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution

Advanced Custom Fields: Extended WordPress plugin 0.9.0.5 through 0.9.1.1 contains a remote code execution caused by unsafe use of calluserfuncarray in prepareform function, letting unauthenticated attackers execute arbitrary code remotely. id: CVE-2025-13486 info: name: Advanced Custom Fields...

9.8CVSS8.7AI score0.73557EPSS
Exploits10References2
Total number of security vulnerabilities4145