CVE-2026-1405

creationtimestamp| type| source ---|---|--- 2026-02-19 17:06:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfa3e6vzzp2u 2026-03-23 10:45:53+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-1405.yaml 2026-04-18...

CVE-2026-1405 Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'sliderfuturehandleimageupload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

PT-2026-20278

Name of the Vulnerable Software and Affected Versions Slider Future versions up to and including 1.0.5 Description The Slider Future plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the slider future handle image upload function. This...

Exploit for CVE-2019-1322

COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo https://vimeo.com/373051209 Usage Compile or Download from Release https://github.com/apt69/COMahawk/releases 1. Run COMahawk.exe 2. ??? 3. Hopefully profit or 1. COMahawk.exe "custom command to run" ie...

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2020-1405

An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372...

CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management...

CVE-2016-1405 vulnerabilities

Vulnerabilities for packages: clamav...

CVE-2025-1405 Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode

The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's showproducts shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-1405 Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode

The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's showproducts shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-1405

creationtimestamp| type| source ---|---|--- 2024-02-10 07:21:37+00:00| seen| https://t.me/ctinow/182443 2024-03-03 09:16:28+00:00| seen| https://t.me/ctinow/198614...

CVE-2024-1405 Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure

A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be...

CVE-2024-1405

CVE-2024-1405 affects Linksys WRT54GL 4.30.18 Web Management Interface (file /wlaninfo.htm). Described as information-disclosure via an unknown feature/file. Publicly disclosed exploit exists. No patch details are provided in the supplied sources; some documents advise restricting access to /wlan...

CVE-2024-1405 Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure

A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be...

Malicious code in wlwz-2312-1405 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 923ab46e25c6d2410f33e0c72213cd066ea388e3c4471d511d720db3c1f48eec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-1405

creationtimestamp| type| source ---|---|--- 2024-01-16 17:27:03+00:00| seen| https://t.me/ctinow/168904 2024-01-23 17:17:00+00:00| seen| https://t.me/ctinow/172140 2025-06-11 17:34:28+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18100 2025-09-29 21:02:20+00:00| seen|...

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1405

CVE-2023-1405 affects the Formidable Forms WordPress plugin up to version 6.1.2. It arises from unserializing user input, enabling unauthenticated PHP Object Injection when a suitable gadget is present. Impact is HIGH (I:HIGH, A:NONE) with remote attacker access. Mitigation: upgrade to version 6....

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...