Lucene search
K

48 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-57320

Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57325

The CVE-2026-57325 covers an unauthenticated Cross-Site Scripting (XSS) vulnerability in the WordPress NanoMag theme versions up to 1.8. The issue affects the NanoMag theme code path exposed to users, enabling XSS payloads without authentication. Documents confirm the affected product (WordPress ...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/05 10:31 a.m.9 views

WordPress WP Mail Gateway plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability

Missing Authorization to Authenticated Subscriber+ SMTP Configuration Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Mail Gateway versions = 1.8...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/03 2:15 p.m.15 views

CVE-2026-7700

Langflow-ai Langflow up to v1.8.4 is affected by a code injection in the LambdaFilterComponent’s eval function (src/lfx/src/lfx/components/llm_operations/lambda_filter.p). The underlying issue is unsafe evaluation of input, enabling remote exploitation. The CVE indicates the attack can be perform...

6.5CVSS6.3AI score0.00291EPSS
Exploits0References4
CVE
CVE
added 2026/04/26 1:19 p.m.15 views

CVE-2018-25263

Faleemi Desktop Software 1.8.2 contains a local buffer overflow in the Device alias field of the Managing Log interface that allows an attacker with local access to trigger a structured exception handler (SEH) overwrite and execute arbitrary code (PoC shows calculator). The vulnerability is trigg...

8.6CVSS6.3AI score0.00147EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 10:16 p.m.8 views

CVE-2026-33020

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...

7.1CVSS0.00205EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.12 views

PT-2026-31565

Name of the Vulnerable Software and Affected Versions Agions taskflow-ai versions through 2.1.8 Description A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...

6.5CVSS6.5AI score0.0111EPSS
Exploits0References12
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

4.3CVSS0.00107EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/02 11:29 a.m.6 views

WordPress Edifice theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Edifice versions = 1.8...

8.1CVSS5.9AI score0.00403EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21148

Name of the Vulnerable Software and Affected Versions TeconceTheme Emerce Core versions through 1.8 Description A flaw exists in TeconceTheme Emerce Core that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue affects the emerce-core...

5.7AI score0.00372EPSS
Exploits0References3
NVD
NVD
added 2026/01/28 7:15 a.m.10 views

CVE-2025-9082

The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. This makes it possible for authenticat...

6.4CVSS0.0027EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.9 views

CVE-2020-24220

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...

9CVSS8.2AI score0.02401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.6 views

PT-2025-53915

Name of the Vulnerable Software and Affected Versions Mikado-Themes Lekker versions through 1.8 Description A flaw exists in Mikado-Themes Lekker that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...

6.7AI score0.00327EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.3 views

Dire Wolf 安全漏洞

Dire Wolf is a software radio modem from the individual developers at wb2osz. A security vulnerability exists in Dire Wolf 1.8 and earlier versions, which stems from a stack buffer overflow in the kissrecbyte function, which could result in stack memory corruption or an application crash...

8.7CVSS7AI score0.00468EPSS
Exploits0References5
OSV
OSV
added 2025/12/18 8:16 a.m.3 views

CVE-2025-58948

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue affects Aromatica: from n/a through = 1.8...

8.1CVSS5.8AI score0.00445EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 8:16 a.m.3 views

CVE-2025-58928

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion.This issue affects Heart: from n/a through = 1.8...

8.1CVSS0.00445EPSS
Exploits0References1
CVE
CVE
added 2025/12/08 12:32 p.m.18 views

CVE-2025-14245

IdeaCMS up to version 1.8 contains a SQL injection vulnerability in the whereRaw usage of Coupon.php (app/common/logic/index/Coupon.php). The root cause is improper manipulation of the params argument, enabling remote attacker input to influence SQL queries. Multiple security feeds (NVD, Red Hat,...

9.8CVSS6.8AI score0.00326EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2025/08/22 1:55 p.m.9 views

WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions = 1.8...

5.9CVSS6AI score0.0017EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/08/22 1:15 p.m.4 views

WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Heart versions = 1.8...

8.1CVSS7AI score0.00445EPSS
Exploits0Affected Software1
Rows per page
Query Builder