16 matches found

NVD
added 2026/06/17 10:16 p.m. · 12 views

CVE-2026-48997

e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

CVSS 7.1 · EPSS 0.00747
Exploits: 0 · References: 2
CNNVD
added 2026/06/04 12:0 a.m. · 7 views

Froxlor Security Vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a security vulnerability. This vulnerability stems from the fact that the FTP account processing program does not enforce a shell whitelist, which may allow arbitrary shell...

CVSS 9.4 · AI score 5.4 · EPSS 0.00227
Exploits: 0 · References: 2
Cvelist
added 2026/01/22 4:52 p.m. · 16 views

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS. This issue affects Craft: from n/a through <= 2.3.6...

CVSS 7.1 · EPSS 0.00222
Exploits: 0 · References: 1
Patchstack
added 2026/01/20 11:37 a.m. · 8 views

WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Craft versions <= 2.3.6...

CVSS 7.1 · AI score 5.3 · EPSS 0.00222
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/11/07 5:33 p.m. · 4 views

CVE-2025-60202

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion. This issue affects Favorites: from n/a through = 2.3.6...

CVSS 7.5 · AI score 7.1 · EPSS 0.0037
Exploits: 0 · References: 1
EUVD
added 2025/11/06 6:32 p.m. · 3 views

EUVD-2025-38113

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion. This issue affects Favorites: from n/a through = 2.3.6...

CVSS 7.5 · AI score 6.6 · EPSS 0.0037
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 10:16 a.m. · 7 views

CVE-2024-30952

A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team=Setting=action...

CVSS 6.1 · AI score 5.6 · EPSS 0.00327
Exploits: 0 · References: 1
OSV
added 2025/03/08 9:15 a.m. · 3 views

CVE-2024-13816

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This mak...

CVSS 5.4 · AI score 5.8 · EPSS 0.0022
Exploits: 0 · References: 2
Patchstack
added 2025/03/06 10:18 p.m. · 2 views

WordPress CURCY - WooCommerce Multi Currency - Currency Switcher plugin <= 2.3.6 - Unauthenticated SQL Injection vulnerability

WordPress CURCY - WooCommerce Multi Currency - Currency Switcher plugin <= 2.3.6 - Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin CURCY versions <= 2.3.6...

CVSS 7.5 · AI score 8.1 · EPSS 0.00373
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/02/12 12:35 a.m. · 9 views

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department...

CVSS 8 · AI score 7.6 · EPSS 0.00414
Exploits: 1 · References: 1
NVD
added 2025/02/10 6:15 p.m. · 7 views

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department...

CVSS 8 · EPSS 0.00414
Exploits: 1 · References: 2
CNNVD
added 2025/01/13 12:0 a.m. · 3 views

WeGIA Cross-Site Scripting Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA version 2.3.6, which stems from a stored cross-site scripting vulnerability contained in the cargo parameter of the control.php page...

CVSS 6.4 · AI score 6 · EPSS 0.00311
Exploits: 1 · References: 3
Positive Technologies
added 2024/12/12 12:0 a.m. · 8 views

PT-2024-16986 · WordPress · Sql Chart Builder

Name of the Vulnerable Software and Affected Versions: SQL Chart Builder plugin for WordPress versions up to, and including, 2.3.6. Description: The issue arises from insufficient escaping on the user-supplied arg1 parameter and lack of sufficient preparation on the existing SQL query in the gvn...

CVSS 6.5 · AI score 7.2 · EPSS 0.0052
Exploits: 0 · References: 5
OSV
added 2023/08/24 12:15 p.m. · 4 views

CVE-2023-32516

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin = 2.3.6 versions...

CVSS 6.1 · AI score 5.8 · EPSS 0.00385
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 5:58 a.m. · 1 views

SUSE CVE-2010-2080

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 · AI score 5.9 · EPSS 0.01503
Exploits: 0 · References: 5
CNVD
added 2017/06/12 12:0 a.m. · 3 views

Zend Framework Cross-Site Request Forgery Vulnerability

Zend Framework (ZF) is an open source PHP5 development framework developed by the US company Zend, mainly used for developing web applications and services. A cross-site request forgery vulnerability exists in Zend/Validator/Csrf in version 2.3.x prior to ZF 2.3.6. A remote...

CVSS 8.8 · AI score 7 · EPSS 0.00656
Exploits: 0 · References: 1