Lucene search
+L

197 matches found

cve
cve
added yesterday4 views

CVE-2026-46687

CVE-2026-46687 affects Emlog prior to or including 2.6.13. The flaw stems from an unvalidated path-traversal template parameter used by api_controller.php and a subsequent include in View::getView($template) after a file_exists check in log_controller.php. This enables an authenticated author to ...

7.7CVSS6.2AI score0.00177EPSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44986

Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from apicontroller.php without validation, and logcontroller.php later checks fileexists and calls include View::getView$template, allowing an...

7.7CVSS6.2AI score0.00177EPSS
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-15005 Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...

8.8CVSS0.00211EPSS
Exploits0References10
cve
cve
added yesterday13 views

CVE-2026-15005

The CVE-2026-15005 issue affects the WordPress Loco Translate plugin (versions up to and including 2.8.5). Root cause: missing or incorrect nonce validation in execTemplate enables a CSRF that can bypass path validation and pass a php://filter URI to the include sink via a forged request. This ca...

8.8CVSS6.3AI score0.00211EPSS
Exploits0References10
nvd
nvd
added 2026/07/03 10:16 a.m.8 views

CVE-2026-5137

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS0.00266EPSS
Exploits0References5
cve
cve
added 2026/07/03 9:31 a.m.23 views

CVE-2026-5137

The RTMKit (rometheme-for-elementor) WordPress plugin is affected by a Local File Inclusion in versions up to 2.0.7 due to insufficient path validation on the template parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. Auth...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References5
euvd
euvd
added 2026/07/03 9:31 a.m.8 views

EUVD-2026-41528

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/03 9:31 a.m.8 views

CVE-2026-5137

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51000

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An incomplete fix for a previous issue in this Laravel and Git powered content management system CMS left in-memory collection sorting unprotected, although the...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References11
cvelist
cvelist
added 2026/05/20 4:27 a.m.48 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS0.00755EPSS
Exploits0References3
euvd
euvd
added 2026/05/20 4:27 a.m.12 views

EUVD-2026-31062

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
cve
cve
added 2026/05/20 4:27 a.m.32 views

CVE-2026-7522

The CVE-2026-7522 issue affects the WordPress plugin The Advanced Database Cleaner – Premium, vulnerable in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/20 4:27 a.m.10 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Advanced Database Cleaner – Premium 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6AI score0.00755EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.19 views

PT-2026-42104

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References4
cve
cve
added 2026/05/05 3:37 a.m.21 views

CVE-2026-5957

The CVE concerns the WordPress EmailKit plugin (versions up to and including 1.6.5). A path traversal flaw in CheckForm.php::create_template() uses realpath() on the allowed base directory (wp-content/uploads/emailkit/templates/), which may not exist, causing realpath() to return false. In PHP 8....

6.5CVSS5.9AI score0.0057EPSS
Exploits0References10
nvd
nvd
added 2026/04/29 4:16 p.m.9 views

CVE-2025-56537

A stored cross-site scripting XSS vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter...

6.1CVSS0.00185EPSS
Exploits3References2
cve
cve
added 2026/04/29 12:0 a.m.13 views

CVE-2025-56537

CVE-2025-56537 affects OpenNebula OpenNebula v6.10.0.1; the stored XSS occurs via a crafted payload injected into the virtual network template parameter. The issue is fixed in OpenNebula 7.0. An attacker can trigger the stored XSS through the vulnerable web UI (Sunstone) under network template in...

6.1CVSS5.3AI score0.00185EPSS
Exploits3References2Affected Software1
debiancve
debiancve
added 2026/04/24 2:20 a.m.4 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.6AI score0.00183EPSS
Exploits2
euvd
euvd
added 2026/04/16 9:31 a.m.6 views

EUVD-2026-23205

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS6AI score0.00816EPSS
Exploits0References6
Rows per page
Query Builder