Vulnerabilities with Nuclei Scanner Templates


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,432 CVEs tracked; 53,633 with exploits; 4,859 exploited in wild; 1,583 CISA KEV; 4,077 Nuclei templates; 52,306 vendors; 43,872 researchers

4,077 results
CVE-2019-12990 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.91
Citrix NetScaler SD-WAN < 10.0.8 - Path Traversal
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
CWE-22 Jul 16, 2019
CVE-2019-12989 9.8 CRITICAL KEV 1 PoC Analysis NUCLEI EPSS 0.92
Citrix NetScaler SD-WAN < 10.0.8 - SQL Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
CWE-89 Jul 16, 2019
CVE-2019-12988 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.93
Citrix NetScaler SD-WAN < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
CWE-78 Jul 16, 2019
CVE-2019-12987 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.93
Citrix NetScaler SD-WAN < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
CWE-78 Jul 16, 2019
CVE-2019-12986 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.92
Citrix NetScaler SD-WAN < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
CWE-78 Jul 16, 2019
CVE-2019-12985 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.92
Citrix NetScaler SD-WAN < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
CWE-78 Jul 16, 2019
CVE-2019-1010290 6.1 MEDIUM NUCLEI EPSS 0.24
Babel All - Open Redirect
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
CWE-601 Jul 16, 2019
CVE-2019-13396 5.3 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.69
FlightPath < 4.8.3 - Path Traversal
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
CWE-22 Jul 10, 2019
CVE-2019-13372 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.93
D-Link Central WiFi Manager < 1.03 - Code Injection
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
CWE-287 Jul 06, 2019
CVE-2019-10717 7.1 HIGH NUCLEI EPSS 0.12
Dotnetblogengine BlogEngine.NET - Path Traversal
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
CWE-22 Jul 03, 2019
CVE-2019-7256 9.8 CRITICAL KEV 2 PoCs Analysis NUCLEI EPSS 0.94
Linear eMerge E3-Series - Command Injection
Linear eMerge E3-Series devices allow Command Injections.
CWE-78 Jul 02, 2019
CVE-2019-7255 6.1 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.58
Linear eMerge E3-Series - XSS
Linear eMerge E3-Series devices allow XSS.
CWE-79 Jul 02, 2019
CVE-2019-7254 7.5 HIGH EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.91
Linear eMerge E3-Series - Path Traversal
Linear eMerge E3-Series devices allow File Inclusion.
CWE-22 Jul 02, 2019
CVE-2019-7276 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.92
Optergy Proton/Enterprise - RCE
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
Jul 01, 2019
CVE-2019-7275 6.1 MEDIUM NUCLEI EPSS 0.60
Optergy Proton/Enterprise - Open Redirect
Optergy Proton/Enterprise devices allow Open Redirect.
CWE-601 Jul 01, 2019
CVE-2019-12581 6.1 MEDIUM NUCLEI EPSS 0.36
Zyxel UAG2100 Firmware < 4.18(aaiz.1)c0 - XSS
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
CWE-79 Jun 27, 2019
CVE-2019-12583 9.1 CRITICAL NUCLEI EPSS 0.59
Zyxel UAG2100 Firmware < 4.18(aaiz.1)c0 - Denial of Service
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
CWE-425 Jun 27, 2019
CVE-2019-12962 6.1 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.05
LiveZilla < 8.0.1.1 - XSS
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
CWE-79 Jun 25, 2019
CVE-2019-12935 7.4 HIGH NUCLEI EPSS 0.04
Shopware < 5.5.8 - XSS
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
CWE-79 Jun 23, 2019
CVE-2019-1898 5.3 MEDIUM NUCLEI EPSS 0.79
Cisco RV110W, RV130W, and RV215W - Info Disclosure
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
CWE-285 Jun 20, 2019