VYPR

Nuclei Templates

by Projectdiscovery

CVEs (7)

  • CVE-2025-34046 | Critical | Jun 26, 2025
    risk 0.65 | cvss | epss 0.01

    An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters…

  • CVE-2025-71284 | Critical | Apr 30, 2026
    risk 0.64 | cvss 9.8 | epss 0.06

    Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated…

  • CVE-2023-7330 | Critical | Nov 24, 2025
    risk 0.61 | cvss | epss 0.01

    Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation…

  • CVE-2025-34044 | Critical | Jun 26, 2025
    risk 0.61 | cvss | epss 0.05

    A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS…

  • CVE-2021-4461 | Critical | Oct 30, 2025
    risk 0.60 | cvss | epss 0.01

    Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling…

  • CVE-2025-34047 | High | Jun 26, 2025
    risk 0.57 | cvss | epss 0.00

    A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient…

  • CVE-2023-42344 | High | May 8, 2026
    risk 0.42 | cvss 7.3 | epss 0.02

    Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.