Lucene search
K

16 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/20 3:2 a.m.5 views

CVE-2026-30891

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a pat...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2025/12/21 12:0 a.m.3 views

CVE-2024-30891

creationtimestamp| type| source ---|---|--- 2025-12-21 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-12-21 2026-03-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2026-03-20 2026-03-22 00:00:00+00:00| seen| The Shadowserver...

8.8CVSS5.8AI score0.01896EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/29 11:40 a.m.9 views

CVE-2025-30891

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through = 1.8.7...

8.8CVSS7.2AI score0.00618EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.2 views

CVE-2025-30891

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through = 1.8.7...

8.8CVSS7.2AI score0.00618EPSS
Exploits0References3
NVD
NVD
added 2025/03/27 11:15 a.m.15 views

CVE-2025-30891

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through = 1.8.7...

8.8CVSS0.00618EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/27 10:55 a.m.6 views

CVE-2025-30891 WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through = 1.8.7...

8.8CVSS7.4AI score0.00618EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 10:55 a.m.52 views

CVE-2025-30891

CVE-2025-30891 affects WordPress plugin “WpTravelly” (Tour & Travel Booking Plugin for WooCommerce). The description in the initial document indicates an improper control of filename for include/require statements in PHP, enabling PHP Local File Inclusion (LFI) via a Remote File Inclusion vulnera...

8.8CVSS7.2AI score0.00618EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 10:55 a.m.17 views

CVE-2025-30891 WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through = 1.8.7...

8.8CVSS0.00618EPSS
Exploits0References1
Circl
Circl
added 2025/03/05 9:1 p.m.4 views

CVE-2023-30891

creationtimestamp| type| source ---|---|--- 2025-03-05 21:01:57+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ljnutm2rzz2t...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.3 views

PT-2024-30891 · Nicejob · Nicejob

Name of the Vulnerable Software and Affected Versions: NiceJob versions prior to 3.6.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS on web pages created by NiceJob...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2024/09/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-30891

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...

8.8CVSS5.9AI score0.01896EPSS
Exploits1References1
NVD
NVD
added 2024/04/05 8:15 a.m.11 views

CVE-2024-30891

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...

8.8CVSS7.3AI score0.01896EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/05 12:0 a.m.9 views

CVE-2024-30891

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...

7.6AI score0.01896EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/05 12:0 a.m.19 views

CVE-2024-30891

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...

7.5AI score0.01896EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/24 6:49 p.m.11 views

CVE-2021-30891

...

Exploits0
CVE
CVE
added 2021/08/24 6:49 p.m.27 views

CVE-2021-30891

This CVE entry is rejected/not used as stated in the description.

7.4AI score
Exploits0
Rows per page
Query Builder