Lucene search
K

1187 matches found

Nuclei
Nuclei
added yesterday41 views

Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. id: CVE-2017-18496 info: name: Htaccess by BestWebSoft 1.7.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.014EPSS
Exploits1References4
Cvelist
Cvelist
added yesterday13 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score
Exploits1References4
Metasploit
Metasploit
added 5 days ago116 views

Apache .htaccess Persistence

This module writes a persistence payload into an Apache .htaccess file using modcgi. The .htaccess file itself acts as a CGI shell, executing commands passed via the query string. Inspired by the htshells project by wireghoul. Module Options msf use exploit/linux/persistence/apachehtaccess msf...

6AI score
Exploits0
NVD
NVD
added 6 days ago10 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13533

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS0.00286EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 4:0 a.m.13 views

CVE-2026-13533

CVE-2026-13533 affects agentejo Cockpit CMS up to v0.12.2 in the htaccess Handler’s /config/config.yaml, via Spyc::YAMLLoad. The vulnerability arises from YAMLLoad manipulation that can make files or directories accessible and can be exploited remotely. Exploit code has been publicly disclosed an...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 4:0 a.m.8 views

EUVD-2026-40030

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:0 a.m.8 views

CVE-2026-13533

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/29 4:0 a.m.33 views

CVE-2026-13533 agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS0.00286EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.9 views

CVE-2026-44119

A flaw was found in Apache HTTP Server. This improper privilege management vulnerability allows local .htaccess authors to read files with the privileges of the httpd user. This could lead to unauthorized information disclosure...

5.5CVSS5.2AI score0.00171EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 4:16 p.m.9 views

UBUNTU-CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/08 3:17 p.m.118 views

CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 3:17 p.m.8 views

CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.4AI score0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:17 p.m.7 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.4AI score0.00171EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/08 3:17 p.m.13 views

EUVD-2026-35094

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.4AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 3:17 p.m.88 views

CVE-2026-44119

Summary: CVE-2026-44119 is an Apache HTTP Server vulnerability described as improper privilege management that allows local .htaccess authors to read files with httpd user privileges. Affected versions are Apache HTTP Server 2.4.67 and earlier; the issue is fixed in 2.4.68. This aligns with multi...

5.5CVSS5.4AI score0.00171EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder