Lucene search
K

397 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 1:10 a.m.9 views

CVE-2010-1063

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANGCODE parameter to 1 codelib/cfg/common.inc.php, 2...

6.8CVSS7.5AI score0.01356EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.8 views

PT-2025-22325

Name of the Vulnerable Software and Affected Versions Madara – Responsive and modern WordPress theme for manga sites versions 2.2.2 and earlier Description The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the template parameter, making it possibl...

9.8CVSS7.5AI score0.09094EPSS
Exploits5References9
RedhatCVE
RedhatCVE
added 2025/05/17 8:2 p.m.17 views

CVE-2025-47788

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...

9.4CVSS7.5AI score0.00628EPSS
Exploits0References1
NVD
NVD
added 2025/05/15 8:16 p.m.12 views

CVE-2025-47788

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...

9.4CVSS0.00414EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/15 7:40 p.m.16 views

CVE-2025-47788 Missing Path Validation Enables Path Traversal in Controller.php

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...

9.4CVSS0.00414EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.5 views

PT-2025-21368 · Atheros · Atheos

Name of the Vulnerable Software and Affected Versions: Atheos versions prior to v602 Description: Atheos is a self-hosted browser-based cloud IDE. The $target parameter in "/controller.php" was not properly validated, which could allow an attacker to execute arbitrary files on the server via path...

9.4CVSS7AI score0.00414EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

Atheos 安全漏洞

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to v602, which stems from the $target parameter in /controller.php not being properly validated, which could lead to the execution of arbitrary files via path travers...

9.4CVSS6.9AI score0.00414EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/15 12:0 a.m.9 views

Adobe ColdFusion 2021.x < 2021u20 / 2023.x < 2023u14 / 2025.x < 2025u2 Multiple Vulnerabilities (APSB25-52)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 20, 2023.x update 14, or 2025.x update 2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-52 advisory. - ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are...

9.1CVSS6.5AI score0.3768EPSS
Exploits0References9
NVD
NVD
added 2025/04/11 5:15 a.m.19 views

CVE-2025-2636

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files ...

8.1CVSS0.10305EPSS
Exploits0References3
NVD
NVD
added 2025/03/28 5:15 a.m.24 views

CVE-2025-2294

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS0.76761EPSS
Exploits12References2
CVE
CVE
added 2025/03/28 4:22 a.m.210 views

CVE-2025-2294

The CVE-2025-2294 entry is supported by concrete technical details in connected documents: Kubio AI Page Builder for WordPress (plugin ≤ 2.5.1) is vulnerable to Local File Inclusion via the kubio_hybrid_theme_load_template function. The flaw allows unauthenticated attackers to include and execute...

9.8CVSS9.8AI score0.76761EPSS
In wildExploits12References2
OSV
OSV
added 2025/03/20 12:32 p.m.8 views

GHSA-M37H-8R48-2CXJ H2O Vulnerable to Execution of Arbitrary Files

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS7.1AI score0.0033EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.14 views

H2O Vulnerable to Execution of Arbitrary Files

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS6.8AI score0.0033EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2025/03/20 6:15 a.m.25 views

CVE-2025-1770

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS0.00781EPSS
Exploits0References4
NVD
NVD
added 2025/03/14 6:15 a.m.8 views

CVE-2024-13913

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it possible for...

8.8CVSS0.02448EPSS
Exploits0References4
CVE
CVE
added 2025/03/14 5:24 a.m.53 views

CVE-2024-13913

CVE-2024-13913 (InstaWP Connect – 1-click WP Staging & Migration for WordPress) is a CSRF-to-LFI vulnerability affecting versions up to 0.1.0.83. The root cause is missing or incorrect nonce validation in the file /migrate/templates/main.php, enabling an unauthenticated attacker to coerce the app...

8.8CVSS9.1AI score0.02448EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.4 views

WordPress plugin InstaWP Connect 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

8.8CVSS8.9AI score0.02448EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/13 10:24 p.m.6 views

CVE-2025-1707

The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing...

8.8CVSS7.6AI score0.00589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/27 11:22 p.m.15 views

CVE-2024-12811 Traveler <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotelaloneslider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8CVSS8.9AI score0.00697EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/19 7:32 a.m.11 views

CVE-2024-13592 Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Local File Inclusion

The Team Builder For WPBakery Page BuilderFormerly Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above,...

7.5CVSS0.00837EPSS
Exploits0References2
Rows per page
Query Builder