35618 matches found
CVE-2026-57656
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions...
CVE-2025-64637
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions...
CVE-2025-68064
Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions...
CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions...
CVE-2025-68064 WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions...
CVE-2025-68064
CVE-2025-68064 concerns a Local File Inclusion vulnerability in the WordPress Goya Core plugin, versions earlier than 1.0.9.4. The issue arises from faulty file path handling in the plugin, enabling an attacker to access sensitive files. The CVSS 3.1 vector indicates remote access with high imp...
CVE-2025-64637
CVE-2025-64637 concerns the WordPress plugin Auros Core (versions
WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability
Content Injection vulnerability discovered by Bonds in WordPress Plugin Auros Core versions <= 5.3.1...
WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Goya Core versions < 1.0.9.4...
WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Hester Core versions <= 1.1.8...
CVE-2026-53188
A flaw was found in the Linux kernel's RDMA/core component. This vulnerability arises from insufficient validation of file operations fops passed to the ibgetucaps function. A local attacker could exploit this by creating a block device with a device number devt that aliases a character device...
WordPress WPB Show Core - Cross-Site Scripting
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...
Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...
CVE-2026-13006
A flaw was found in logback-core, a logging framework for Java applications. This vulnerability allows an attacker with existing privileges and write access to a configuration file, or the ability to inject a malicious environment variable, to execute arbitrary code. This can be achieved by...
CVE-2026-55477
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
EUVD-2026-39432
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
ROOT-APP-MAVEN-CVE-2025-52999 CVE-2025-52999 in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root
Root has patched CVE-2025-52999 in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...