Lucene search
K

7228 matches found

EUVD
EUVD
added 2026/06/16 4:30 a.m.14 views

EUVD-2026-37033

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

8.8CVSS6.6AI score0.00607EPSS
Exploits0References7
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/16 12:0 a.m.17 views

Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users...

10CVSS5.6AI score0.80425EPSS
In wildExploits18
VulnCheck KEV
VulnCheck KEV
added 2026/06/12 12:0 a.m.20 views

VulnCheck KEV: CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.3AI score0.80425EPSS
In wildExploits18References7
GithubExploit
GithubExploit
added 2026/06/11 5:59 a.m.74 views

Exploit for Code Injection in Phpunit_Project Phpunit

CVE-2017-9841 — PHPUnit Remote Code Execution RCE PoC ⚠...

9.8CVSS8.4AI score0.99999EPSS
Exploits19
GithubExploit
GithubExploit
added 2026/06/09 4:24 p.m.74 views

Exploit for CVE-2017-20251

CVE-2017-20251: Insert PHP Plugin PHP Code Injection Vulne...

9.8CVSS6.3AI score0.00559EPSS
Exploits1
NVD
NVD
added 2026/06/09 1:16 p.m.17 views

CVE-2017-20251

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

9.8CVSS0.00559EPSS
Exploits1References3
CVE
CVE
added 2026/06/09 11:48 a.m.43 views

CVE-2017-20251

CVE-2017-20251 affects WordPress Insert PHP plugin versions prior to 3.3.1. The vulnerability is a PHP code injection via the REST API, allowing unauthenticated attackers to execute arbitrary PHP by injecting an insert_php shortcode through POST requests to wp-json/wp/v2/posts, enabling remote PH...

9.8CVSS6.1AI score0.00559EPSS
Exploits1References3
CVE
CVE
added 2026/06/08 6:24 p.m.31 views

CVE-2026-52778

YesWiki (PHP-based wiki) exposes a vulnerability in the Bazar form field calculator (CalcField.php) present before version 4.6.6. The code attempts to sanitize user-defined mathematical formulas using a complex recursive regex prior to passing them to PHP eval(), creating a surface for Regular Ex...

9.8CVSS6AI score0.00561EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.19 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.5AI score0.80425EPSS
Exploits18References1
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin WP User Manager – User Profile Builder & Membership 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.6AI score0.02403EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.15 views

CVE-2026-38991

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...

8.8CVSS5.7AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.12 views

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

8.8CVSS5.5AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.15 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.3AI score0.00755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3425

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.3AI score0.00625EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/05 2:19 p.m.214 views

Exploit for CVE-2026-3300

CVE-2026-3300 - Everest Forms Pro Unauthenticated Stored Cross...

9.8CVSS6.5AI score0.40992EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/06/05 7:31 a.m.16 views

CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS
Exploits18References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:31 a.m.16 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS
Exploits18References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.14 views

joomlacontenteditor.net Joomla Content Editor (JCE) extension for Joomla 权限许可和访问控制问题漏洞

JCE Joomla Component is an editor component used within the Joomla content management system. The JCE Joomla Component has a security vulnerability related to access control. This vulnerability stems from allowing unauthenticated users to create new editor profiles, ultimately leading to the uplo...

10CVSS7.7AI score0.80425EPSS
Exploits18References3
Hacker One
Hacker One
added 2026/06/04 8:3 a.m.9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting

Vulnerability description not provided...

8.8CVSS6.7AI score0.02734EPSS
Exploits1
Hacker One
Hacker One
added 2026/06/03 11:4 p.m.9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass

A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8CVSS6.6AI score0.02734EPSS
Exploits1
Rows per page
Query Builder