Lucene search
K

1029 matches found

Nuclei
Nuclei
added yesterday21 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

7.5CVSS7AI score0.04917EPSS
Exploits4References1
Nuclei
Nuclei
added yesterday25 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.3AI score0.01668EPSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-15518

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday17 views

CVE-2026-15518 AREA 17 Twill CMS Media Library Insert FileLibraryController.php storeFile unrestricted upload

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
CVE
CVE
added yesterday21 views

CVE-2026-15518

AREA 17 Twill CMS

5.8CVSS5.7AI score0.00248EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago126 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS7AI score0.82585EPSS
Exploits6References5
NVD
NVD
added 4 days ago6 views

CVE-2026-6802

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS0.00243EPSS
Exploits0References8
NVD
NVD
added 2026/06/18 2:17 p.m.12 views

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 2:2 p.m.19 views

CVE-2026-56012 WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:2 p.m.6 views

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:2 p.m.9 views

EUVD-2026-37895

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 2:2 p.m.35 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 2:1 p.m.8 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/16 10:16 a.m.10 views

CVE-2026-54198

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

7.1CVSS0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.33 views

CVE-2026-54198 WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.15 views

CVE-2026-54198

CVE-2026-54198 affects the WordPress Media Library Assistant plugin up to version 3.35. The vulnerability is an unauthenticated cross-site scripting (XSS) in the plugin (reflected XSS per CVE record) with a CVSS 3.1 base score of 7.1 (HIGH). Attack vector: Network; privileges required: NONE; user...

7.1CVSS5.1AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.8 views

EUVD-2026-37055

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:0 a.m.17 views

EUVD-2026-35988

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References1
OSV
OSV
added 2026/06/09 2:16 p.m.8 views

UBUNTU-CVE-2026-52907

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...

7.8CVSS5.3AI score0.00112EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.23 views

PT-2026-48235

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Rows per page
Query Builder