15676 matches found
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
WordPress Site Editor <=1.1.1 - Local File Inclusion
WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php. id: CVE-2018-7422 info: name: WordPress Site Editor =1.1.1 - Local File Inclusion author: LuskaBol,0x240x23elu...
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
CVE-2026-15457
Vulnerability summary (CVE-2026-15457) : The Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is vulnerable to a Directory Traversal in all versions up to and including 6.0.13 via the 'family' parameter . Authenticated attackers with editor-level access or higher can d...
EUVD-2026-45131
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete...
EUVD-2026-45083
Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...
CVE-2026-59865
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota info read x-ms-kiota-info.languagesInformation..dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command,...
Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
Joomla JCE editor extension contains an unrestricted file upload vulnerability caused by allowing unauthenticated users to create new editor profiles, letting attackers upload and execute PHP code remotely, exploit requires no authentication. id: CVE-2026-48907 info: name: Joomla! JCE extension...
EUVD-2025-210478
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion LFI in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories...
CVE-2026-59258 immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...
CVE-2026-58534
Heap-based buffer overflow in Microsoft Input Method Editor IME allows an authorized attacker to elevate privileges locally...
CVE-2026-58534
CVE-2026-58534 is a Windows IME heap-based buffer overflow vulnerability that enables local privilege escalation for an authenticated attacker. The affected component is the Microsoft Input Method Editor (IME) in Windows. The root cause, per the available sources, is a heap-based buffer overflow ...
CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
...
CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability
...
Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Input Method Editor IME allows an authorized attacker to elevate privileges locally...
gegl04 security update
An update is available for gegl04. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GEGL Generic Graphics Library is a graph-based image processing framework...
LG Simple Editor <= v3.21.0 - Command Injection
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2026-12511
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...
CVE-2026-12511 AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...
EUVD-2026-43626
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...