Apple Filing Protocol Login Utility
This module attempts to bruteforce authentication credentials for...
7.5 AI Score
Description: The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with...
8.8 CVSS
6.5 AI Score
0.001 EPSS
AdMentor is a totally free ad rotator script written entirely in ASP. A security vulnerability in the product allows remote attackers to cause the login administration ASP to allow them to enter without knowing any username or password (thus bypassing any authentication protection enabled for...
7.1 AI Score
0.003 EPSS
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. This affects the function query of the file admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...
7.2 CVSS
7.3 AI Score
0.001 EPSS
Tomcat Application Manager Login Utility
This module simply attempts to login to a Tomcat Application Manager instance using a specific...
7.2 AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...
6.5 AI Score
0.0004 EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...
7.5 AI Score
Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. PoC: On a site with the User Login/Registration widget active, have an unauthenticated user send.....
6 AI Score
0.0005 EPSS
Apple Pages Installed (Mac OS X)
Apple Pages is installed on the remote Mac OS X host. It is a tool for word processing and desktop...
0.6 AI Score
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier....
9.8 CVSS
9.8 AI Score
0.002 EPSS
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated...
6.1 CVSS
6 AI Score
0.001 EPSS
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/registrations/update_status.php of the component Status Update Handler. The manipulation of the argument id leads to sql...
9.8 CVSS
9.7 AI Score
0.002 EPSS
A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. This issue affects some unknown processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection....
9.8 CVSS
9.7 AI Score
0.001 EPSS
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to sql injection. The attack can be launched...
9.8 CVSS
9.7 AI Score
0.002 EPSS
Description: The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with...
4.3 CVSS
6.5 AI Score
0.001 EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal. This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through...
6.8 CVSS
6.6 AI Score
0.0004 EPSS
A vulnerability was found in SourceCodester School Registration and Fee System 1.0. It has been classified as critical. Affected is an unknown function of the file /bilal final/edit_stud.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...
9.8 CVSS
9.7 AI Score
0.001 EPSS
A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address....
6.1 CVSS
6 AI Score
0.001 EPSS
Nessus was able to log into the remote Sybase server using the supplied...
1.8 AI Score
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be...
6.1 CVSS
6 AI Score
0.001 EPSS
Django vulnerable to XSS on 500 pages
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
6.1 CVSS
6 AI Score
0.002 EPSS
Wordpress Profile Builder Plugin Cross-Site Scripting
The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a.....
6.1 CVSS
5.9 AI Score
0.002 EPSS
Cisco Firepower Management Console 6.0 Login
This module attempts to authenticate to a Cisco Firepower Management console via HTTPS. The credentials are also used for SSH, which could allow remote code...
7.9 AI Score
HP System Management Homepage Login Utility
This module attempts to login to HP System Management Homepage using host operating system...
7.3 AI Score
virt:ol and virt-devel:rhel security and enhancement update
hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] -...
7 CVSS
8.3 AI Score
0.002 EPSS
AccessAlly <3.5.7 - Sensitive Information Leakage
WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakag...
7.5 CVSS
7.5 AI Score
0.026 EPSS
DirectAdmin Web Control Panel Login Utility
This module will attempt to authenticate to a DirectAdmin Web Control...
7.2 AI Score
BAVision IP Camera Web Server Login
This module will attempt to authenticate to an IP camera created by BAVision via the web service. By default, the vendor ships a default credential admin:123456 to its cameras, and the web server does not enforce lockouts in case of a bruteforce...
7.2 AI Score
Western Digital MyBook Live Login Utility
This module simply attempts to login to a Western Digital MyBook Live instance using a specific...
7.2 AI Score
5.9 CVSS
5.5 AI Score
0.0004 EPSS
Microsoft Azure Active Directory Login Enumeration
This module enumerates valid usernames and passwords against a Microsoft Azure Active Directory domain by utilizing a flaw in how SSO...
7.2 AI Score
Softing Secure Integration Server Login Utility
This module will attempt to authenticate to a Softing Secure Integration...
7.2 AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, dotnet, nodetaint, pulumi-language-yaml, ko, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, tctl, hey, pulumi, minio, sigstore-scaffolding, cert-manager, metacontroller,...
7.5 CVSS
9 AI Score
0.732 EPSS
CVE-2024-4358 Registration Authentication Bypass Vulnerability
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass...
9.8 CVSS
7.3 AI Score
0.938 EPSS
Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated...
6.2 AI Score
0.0005 EPSS
eZ Publish Legacy Passwordless login for LDAP users
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may...
7.1 AI Score
CVE-2024-2473 WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...
5.3 CVSS
0.0005 EPSS
Pie Register - Social Sites Login (Add on) < 1.7.8 - Unauthenticated Privilege Escalation
Description: The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they...
9.8 CVSS
7.1 AI Score
0.001 EPSS
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is...
6.6 AI Score
0.0004 EPSS
CVE-2024-4358 Registration Authentication Bypass Vulnerability
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass...
9.8 CVSS
9.8 AI Score
0.938 EPSS
CVE-2024-2473 WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...
5.3 CVSS
6.8 AI Score
0.0005 EPSS
PhpMyAdmin <4.8.2 - Local File Inclusion
PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted....
8.8 CVSS
8.6 AI Score
0.973 EPSS
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
7.5 CVSS
8.6 AI Score
0.001 EPSS
Movable Type User Registration Restriction Bypass
The version of Movable Type running on the remote host has a restriction bypass vulnerability. It is possible to create new user accounts even when registration has been disabled in the blog configuration. A remote attacker could exploit this to register new accounts for blogs that do not allow...
7.5 AI Score
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched...
6.1 CVSS
6 AI Score
0.0005 EPSS
Login with phone number < 1.7.27 - Authentication Bypass due to Missing Empty Value Check
Description: The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is because the 'activation_code' default value is empty and the not-empty check is missing in the 'lwp_ajax_register' function. This makes it possible.....
9.8 CVSS
9.3 AI Score
0.001 EPSS
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have...
10 CVSS
8.2 AI Score
0.738 EPSS
WordPress Church Admin <0.810 - Cross-Site Scripting
WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via...
6.4 AI Score
0.003 EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 - Openfire Authentication Bypass This...
8.6 CVSS
7.6 AI Score
0.973 EPSS