Vulnerabilities with Nuclei Scanner Templates
Updated 3h ago
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei, with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,077 results
CVE-2022-31470
6.1
MEDIUM
1 PoC
Analysis
NUCLEI
EPSS 0.26
Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
CWE-79
Jun 07, 2022
CVE-2022-26134
9.8
CRITICAL
KEV
SSVC ACTIVE
RANSOMWARE
79 PoCs
Analysis
NUCLEI
EPSS 0.94
Confluence - Remote Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
CWE-917
Jun 03, 2022
CVE-2022-32028
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Car Rental Management System - SQL Injection
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
CWE-89
Jun 02, 2022
CVE-2022-32026
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Car Rental Management System - SQL Injection
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.
CWE-89
Jun 02, 2022
CVE-2022-32025
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Car Rental Management System - SQL Injection
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.
CWE-89
Jun 02, 2022
CVE-2022-32024
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Car Rental Management System - SQL Injection
Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=.
CWE-89
Jun 02, 2022
CVE-2022-32022
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Car Rental Management System - SQL Injection
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.
CWE-89
Jun 02, 2022
CVE-2022-32018
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Complete Online Job Search System - SQL Injection
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.
CWE-89
Jun 02, 2022
CVE-2022-32015
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Complete Online Job Search System - SQL Injection
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.
CWE-89
Jun 02, 2022
CVE-2022-32007
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.12
Complete Online Job Search System - SQL Injection
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.
CWE-89
Jun 02, 2022
CVE-2022-31984
7.2
HIGH
EXPLOITED
1 Writeup
NUCLEI
EPSS 0.24
Online Fire Reporting System - SQL Injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.
CWE-89
Jun 02, 2022
CVE-2022-31978
9.8
CRITICAL
1 Writeup
NUCLEI
EPSS 0.48
Online Fire Reporting System - SQL Injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.
CWE-89
Jun 02, 2022
CVE-2022-31977
9.8
CRITICAL
1 Writeup
NUCLEI
EPSS 0.38
Online Fire Reporting System - SQL Injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
CWE-89
Jun 02, 2022
CVE-2022-31976
9.8
CRITICAL
1 Writeup
NUCLEI
EPSS 0.42
Online Fire Reporting System - SQL Injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
CWE-89
Jun 02, 2022
CVE-2022-31975
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.18
Online Fire Reporting System - SQL Injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.
CWE-89
Jun 02, 2022
CVE-2022-31974
7.2
HIGH
1 Writeup
NUCLEI
EPSS 0.18
Online Fire Reporting System - SQL Injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.
CWE-89
Jun 02, 2022
CVE-2022-30514
6.1
MEDIUM
1 PoC
Analysis
NUCLEI
EPSS 0.07
School Dormitory Management System - XSS
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.
CWE-79
Jun 02, 2022
CVE-2022-30513
6.1
MEDIUM
1 PoC
Analysis
NUCLEI
EPSS 0.07
School Dormitory Management System - XSS
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125.
CWE-79
Jun 02, 2022
CVE-2022-30512
9.8
CRITICAL
1 PoC
Analysis
NUCLEI
EPSS 0.72
School Dormitory Management System - SQL Injection
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.
CWE-89
Jun 02, 2022
CVE-2022-25237
9.8
CRITICAL
EXPLOITED
NUCLEI
EPSS 0.91
Bonitasoft Bonita Web - Remote Code Execution
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions.
Jun 02, 2022