907 matches found

NVD
added 2026/04/03 11:17 p.m. | 5 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVSS 6.1 | EPSS 0.0023
Exploits: 1 | References: 2

NVD
added 2026/04/03 11:17 p.m. | 3 views

CVE-2026-34228

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

CVSS 8.7 | EPSS 0.00188
Exploits: 1 | References: 2

NVD
added 2026/04/03 11:17 p.m. | 1 view

CVE-2026-34607

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...

CVSS 7.2 | EPSS 0.00874
Exploits: 1 | References: 1

NVD
added 2026/04/03 11:17 p.m. | 1 view

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can ...

CVSS 6.5 | EPSS 0.00511
Exploits: 1 | References: 1

Cvelist
added 2026/04/03 10:37 p.m. | 15 views

CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVSS 6.5 | EPSS 0.00343
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/03 10:37 p.m. | 1 view

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVSS 6.5 | AI score 5.9 | EPSS 0.00343
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/03 10:37 p.m. | 2 views

CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVSS 6.5 | AI score 5.9 | EPSS 0.00343
Exploits: 1 | References: 1

EUVD
added 2026/04/03 10:37 p.m. | 5 views

EUVD-2026-18907

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVSS 6.5 | AI score 5.9 | EPSS 0.00343
Exploits: 1 | References: 1

CVE
added 2026/04/03 10:37 p.m. | 7 views

CVE-2026-34788

Emlog vulnerability CVE-2026-34788 affects the core SQL layer in tag_model.php (updateTagName()). In versions up to 2.6.2, the function directly interpolates user input into SQL without parameterized queries or proper escaping, enabling SQL injection. Impact is high for confidentiality and integr...

CVSS 6.5 | AI score 5.9 | EPSS 0.00343
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/03 10:36 p.m. | 8 views

CVE-2026-34787

CVE-2026-34787 affects Emlog up to version 2.6.2. An LFI exists in admin/plugin.php (line 80) where the GET parameter $plugin is directly used in a require_once path without sanitization. If a CSRF bypass is possible, an attacker could include arbitrary PHP files from the server filesystem, enabl...

CVSS 6.5 | AI score 6.1 | EPSS 0.00511
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/03 10:36 p.m. | 17 views

CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can ...

CVSS 6.5 | EPSS 0.00511
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/03 10:36 p.m. | 0 views

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00511
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/03 10:36 p.m. | 1 view

CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00511
Exploits: 1 | References: 1

EUVD
added 2026/04/03 10:36 p.m. | 5 views

EUVD-2026-18905

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00511
Exploits: 1 | References: 1

EUVD
added 2026/04/03 10:35 p.m. | 3 views

EUVD-2026-18901

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...

CVSS 7.2 | AI score 6.1 | EPSS 0.00874
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/03 10:35 p.m. | 1 view

CVE-2026-34607

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...

CVSS 7.2 | AI score 6.1 | EPSS 0.00874
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/03 10:35 p.m. | 1 view

CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...

CVSS 7.2 | AI score 6.1 | EPSS 0.00874
Exploits: 1 | References: 1

Cvelist
added 2026/04/03 10:35 p.m. | 14 views

CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...

CVSS 7.2 | EPSS 0.00874
Exploits: 1 | References: 1

Cvelist
added 2026/04/03 10:31 p.m. | 18 views

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVSS 6.1 | EPSS 0.0023
Exploits: 1 | References: 2

EUVD
added 2026/04/03 10:31 p.m. | 3 views

EUVD-2026-18899

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

CVSS 6.1 | AI score 5.7 | EPSS 0.0023
Exploits: 1 | References: 2