Lucene search
+L

435 matches found

NVD
NVD
added 2026/04/22 7:17 p.m.7 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS0.02826EPSS
Exploits2References8
NVD
NVD
added 2026/04/22 7:17 p.m.18 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS0.02804EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:33 p.m.3 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits2References9
Vulnrichment
Vulnrichment
added 2026/04/22 6:33 p.m.6 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/04/22 6:33 p.m.39 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS0.02804EPSS
Exploits2References8
CVE
CVE
added 2026/04/22 6:33 p.m.18 views

CVE-2026-34413

Xerte Online Toolkits 3.15 and earlier suffer a missing authentication vulnerability in the elFinder connector endpoint /editor/elfinder/php/connector.php. An HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request se...

8.8CVSS6.6AI score0.02804EPSS
Exploits2References8
OSV
OSV
added 2026/04/22 6:33 p.m.5 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.7AI score0.02804EPSS
Exploits2References11
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:33 p.m.3 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS6AI score0.03575EPSS
Exploits2References9
Cvelist
Cvelist
added 2026/04/22 6:33 p.m.34 views

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS0.03575EPSS
Exploits2References8
CVE
CVE
added 2026/04/22 6:33 p.m.11 views

CVE-2026-34415

CVE-2026-34415 affects Xerte Online Toolkits versions ≤ 3.15. The vulnerability is in the elFinder connector endpoint, where incomplete input validation fails to block PHP-executable extensions such as .php4 due to an incorrect regex. This enables an unauthenticated attacker to abuse an attack pa...

9.8CVSS6AI score0.03575EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2026/04/22 6:33 p.m.6 views

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS6AI score0.03575EPSS
Exploits2References8
OSV
OSV
added 2026/04/22 6:33 p.m.4 views

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.3CVSS6.2AI score0.03575EPSS
Exploits2References11
Vulnrichment
Vulnrichment
added 2026/04/22 6:32 p.m.6 views

CVE-2026-34414 Xerte Online Toolkits Path Traversal via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.3AI score0.02826EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:32 p.m.6 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.3AI score0.02826EPSS
Exploits2References9
Cvelist
Cvelist
added 2026/04/22 6:32 p.m.43 views

CVE-2026-34414 Xerte Online Toolkits Path Traversal via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS0.02826EPSS
Exploits2References8
CVE
CVE
added 2026/04/22 6:32 p.m.13 views

CVE-2026-34414

CVE-2026-34414 affects Xerte Online Toolkits versions ≤ 3.15. A relative path traversal vulnerability exists in the elFinder connector endpoint at /editor/elfinder/php/connector.php, where the name parameter in rename commands is not sanitized for path traversal sequences. An attacker can supply ...

7.1CVSS6.3AI score0.02826EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34535

Name of the Vulnerable Software and Affected Versions Xerte Online Toolkits versions 3.15 and earlier Description A missing authentication issue exists in the elFinder connector endpoint '/editor/elfinder/php/connector.php'. An HTTP redirect to unauthenticated callers fails to call exit or die,...

8.8CVSS6.7AI score0.02804EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34537

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS6AI score0.03575EPSS
Exploits2References12
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Xerte Online Toolkits 路径遍历漏洞

Xerte Online Toolkits is an online learning content creation platform provided by British company Xerte. Versions of Xerte Online Toolkits 3.15 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the elFinder connector in the /editor/elfinder/php/connector.php...

7.1CVSS6.2AI score0.02826EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Xerte Online Toolkits 安全漏洞

Xerte Online Toolkits is an online learning content creation platform provided by British company Xerte. Versions of Xerte Online Toolkits 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from incomplete input validation at the elFinder connector endpoint, allowing...

9.8CVSS6.1AI score0.03575EPSS
Exploits2References2
Rows per page
Query Builder