CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

CVE-2023-54350

Affected software: WordPress Augmented-Reality plugin. Vulnerability: remote code execution via the elFinder connector. Access/Impact: unauthenticated attackers can upload and execute arbitrary PHP files on the server. How it exploits: POST to connector.minimal.php with mkfile and put commands to...

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

EUVD-2023-60581

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2023-54350

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

PT-2026-47234

Name of the Vulnerable Software and Affected Versions Seotheme affected versions not specified Description An issue in the WordPress Seotheme allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP...

PT-2026-47236

Name of the Vulnerable Software and Affected Versions Travelscape version 1.0.3 Description Insufficient validation in the theme's upload functionality allows unauthenticated attackers to upload arbitrary files to the theme directory. This can lead to remote code execution on the affected WordPre...

PT-2026-47232

Name of the Vulnerable Software and Affected Versions WordPress Augmented-Reality plugin affected versions not specified Description A remote code execution issue exists in the elFinder connector. Unauthenticated attackers can upload and execute arbitrary PHP files by sending POST requests to the...

WordPress plugin Augmented-Reality plugin 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Important: unbound

Issue Overview: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary c...

WordPress plugin Travelscape 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

ALSA-2026:24369 Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...

📄 Wazuh Cluster Remote Code Execution / Insecure Deserialization

This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...

PT-2026-47709

CVE-2024-56122 - Microsoft Exchange Server Remote Code Execution CVE ID :CVE-2024-56122 Published : June 8, 2026, 10:16 a.m. | 44 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details...

PT-2026-47432

Name of the Vulnerable Software and Affected Versions AgentCore CLI versions prior to 0.14.2 Description Improper neutralization of triple-quote characters during Python code generation allows an authenticated remote actor to execute arbitrary code. This occurs when a crafted...

Flowise 代码注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a code injection vulnerability. This vulnerability stemmed from the lack of routing-level authorization in the POST /api/v1/node-custom-function...

PT-2026-47458

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the TabStrip component. This allows a remote attacker to execute arbitrary code via a crafted HTML page if a user is convinced to perform specific UI...

PT-2026-47476

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory corruption flaw...

VulnCheck KEV: CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...