
16 matches found

RedhatCVE
added 2026/04/13 7:23 p.m., 3 views

CVE-2025-5804

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a through 1.0.4...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 1
EUVD
added 2026/04/10 3:31 p.m., 5 views

EUVD-2025-209401

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 2
CVE
added 2026/03/26 8:3 p.m., 9 views

CVE-2026-3528

CVE-2026-3528 is a Drupal Calculation Fields vulnerability (modulename: Calculation Fields) that allows Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. Affected products are Drupal Calculation Fields versions prior to 1.0.4; the issue can lead to XSS...

CVSS 6.1, AI score 5.8, EPSS 0.00243
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/03/26 8:3 p.m., 1 views

CVE-2026-3528

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Calculation Fields allows Cross-Site Scripting (XSS). This issue affects Calculation Fields: from 0.0.0 before 1.0.4...

AI score 5.8, EPSS 0.00243
Exploits: 0, References: 2
CNNVD
added 2026/03/25 12:0 a.m., 6 views

WordPress plugin My Album Gallery security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.5, AI score 5.8, EPSS 0.00302
Exploits: 0, References: 1
OSV
added 2026/02/04 9:15 p.m., 5 views

CVE-2026-1553

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...

CVSS 4.8, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
Vulnrichment
added 2026/02/04 8:26 p.m., 4 views

CVE-2026-1553 Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...

AI score 5.3, EPSS 0.00138
Exploits: 0, References: 1
NVD
added 2025/11/06 4:16 p.m., 13 views

CVE-2025-62037

Missing Authorization vulnerability in uxper Togo togo. This issue affects Togo: from n/a through 1.0.4...

CVSS 6.5, EPSS 0.00275
Exploits: 0, References: 1
NVD
added 2025/11/06 4:16 p.m., 13 views

CVE-2025-62036

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Togo togo. This issue affects Togo: from n/a through 1.0.4...

CVSS 7.1, EPSS 0.00186
Exploits: 0, References: 1
CVE
added 2025/11/06 3:55 p.m., 27 views

CVE-2025-62034

CVE-2025-62034 is a Privilege Escalation in the WordPress theme Togo (

CVSS 8.8, AI score 6.6, EPSS 0.00295
Exploits: 0, References: 1
CNNVD
added 2025/11/06 12:0 a.m., 4 views

WordPress plugin Togo security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8, AI score 6.6, EPSS 0.00295
Exploits: 0, References: 1
Vulnrichment
added 2025/08/16 1:27 a.m., 2 views

CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

CVSS 7.1, AI score 7.2, EPSS 0.00431
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:10 a.m., 3 views

SUSE CVE-2015-9274

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...

CVSS 6.5, AI score 6.8, EPSS 0.01542
Exploits: 0, References: 3
OSV
added 2021/02/17 2:15 p.m., 6 views

UBUNTU-CVE-2020-24503

Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 5.5, AI score 6.7, EPSS 0.00345
Exploits: 0, References: 3
CNNVD
added 2021/01/31 12:0 a.m., 5 views

Geta NestedObjectAssign Security Vulnerability

Geta NestedObjectAssign is a JavaScript-based codebase for extending the Object.assign function from the Geta team. A security vulnerability exists in Geta NestedObjectAssign before 1.0.4, which stems from susceptibility to prototype pollution of default functions...

CVSS 7.5, AI score 7.1, EPSS 0.0152
Exploits: 1, References: 3
OSV
added 2019/11/14 9:15 p.m., 2 views

DEBIAN-CVE-2019-18978

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

CVSS 5.3, AI score 6.9, EPSS 0.02462
Exploits: 0, References: 1