290 matches found

NVD
added 2 days ago | 9 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | EPSS 0.00235
Exploits: 0 | References: 9

CVE
added 2 days ago | 13 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

CVSS 6.4 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 9

ATTACKERKB
added 2 days ago | 4 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 10

CVE
added 5 days ago | 11 views

CVE-2026-13553

The CVE-2026-13553 vulnerability affects itsourcecode Online Hotel Management System 1.0, specifically an unknown function in /admin/mod_amenities/controller.php?action=add. A manipulation of the image parameter enables unrestricted file upload, which can be triggered remotely. The exploit has be...

CVSS 7.5 | AI score 6.8 | EPSS 0.00474
Exploits: 0 | References: 6

NVD
added 2026/06/09 1:16 p.m. | 10 views

CVE-2016-20064

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

CVSS 6.9 | EPSS 0.00671
Exploits: 0 | References: 4

Vulnrichment
added 2026/06/09 11:48 a.m. | 8 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

CVSS 6.9 | AI score 5.6 | EPSS 0.00671
Exploits: 0 | References: 4

CVE
added 2026/06/09 11:48 a.m. | 18 views

CVE-2016-20064

CVE-2016-20064 affects WP Vault 0.8.6.6, where an unauthenticated attacker can trigger a local file inclusion via an unescaped wpv-image GET parameter. The vulnerability allows traversal to access sensitive files (e.g., system configuration) due to improper handling in the include function. Accor...

CVSS 6.9 | AI score 5.6 | EPSS 0.00671
Exploits: 0 | References: 4

Cvelist
added 2026/06/09 11:48 a.m. | 26 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

CVSS 6.9 | EPSS 0.00671
Exploits: 0 | References: 4

CNNVD
added 2026/06/09 12:0 a.m. | 15 views

WordPress plugin WP Vault security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.9 | AI score 5.6 | EPSS 0.00671
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:51 p.m. | 8 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVSS 7.5 | AI score 5.6 | EPSS 0.00743
Exploits: 0 | References: 1

NVD
added 2026/05/22 3:16 p.m. | 21 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVSS 7.5 | EPSS 0.00743
Exploits: 0 | References: 2

EUVD
added 2026/05/22 12:0 a.m. | 11 views

EUVD-2025-209923

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVSS 7.5 | AI score 6 | EPSS 0.00743
Exploits: 0 | References: 2

CNNVD
added 2026/05/22 12:0 a.m. | 8 views

Follett Destiny Library Manager security vulnerability

Follett Destiny Library Manager is a school library resource and collection management system developed by the Follett company in the United States. The version 2202rc1 of Follett Destiny Library Manager contains security vulnerabilities. These vulnerabilities are due to directory traversal...

CVSS 7.5 | AI score 6 | EPSS 0.00743
Exploits: 0 | References: 2

CVE
added 2026/05/22 12:0 a.m. | 25 views

CVE-2025-45145

CVE-2025-45145 describes a directory traversal in Follett Software’s Destiny Library Manager, affecting version 22_0_2_rc1 and fixed in v22.5 AU1. The underlying issue is a file path handling weakness that allows an unauthenticated attacker to read arbitrary files on the system and application vi...

CVSS 7.5 | AI score 6 | EPSS 0.00743
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/22 12:0 a.m. | 7 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

AI score 6 | EPSS 0.00743
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/22 12:0 a.m. | 9 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVSS 7.5 | AI score 6 | EPSS 0.00743
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/22 12:0 a.m. | 15 views

PT-2026-42770

Directory traversal in Follett Software's Destiny Library Manager 22 0 2 rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

AI score 6 | EPSS 0.00743
Exploits: 0 | References: 2

Cvelist
added 2026/05/22 12:0 a.m. | 10 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

EPSS 0.00743
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/19 4:25 p.m. | 13 views

AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`

Summary: The endpoint requires no authentication. An unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded thumbnails,...

CVSS 6.9 | AI score 6 | EPSS 0.00455
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/05/19 4:25 p.m. | 10 views

Missing Authorization

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via image404Raw.php. An attacker can access arbitrary image files, including those protected by access controls, by supplying crafted path...

CVSS 6.9 | AI score 5.9 | EPSS 0.00455
Exploits: 1 | References: 3