CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

EUVD•added 2026/04/22 9:31 p.m.•2 views

EUVD-2026-22830

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

9.8CVSS6.5AI score0.00063EPSS

Exploits1References4

GithubExploit•added 2026/04/17 10:3 p.m.•102 views

Exploit for CVE-2026-1555

CVE-2026-1555 WebStack = 1.2024 - Unauthenticated Arbitrar...

9.8CVSS6AI score0.00063EPSS

Exploits1

Patchstack•added 2026/04/15 1:8 p.m.•5 views

WordPress WebStack plugin <= 1.2024 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Theme WebStack versions = 1.2024...

9.8CVSS5.8AI score0.00063EPSS

Exploits1References1Affected Software1

NVD•added 2026/04/15 4:17 a.m.•1 views

CVE-2026-1555

9.8CVSS0.00063EPSS

Exploits1References3

Vulnrichment•added 2026/04/15 3:37 a.m.•4 views

CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload

9.8CVSS6.5AI score0.00063EPSS

Exploits1References3

CVE•added 2026/04/15 3:37 a.m.•14 views

CVE-2026-1555

The WebStack WordPress theme is vulnerable to unauthenticated arbitrary file upload via the io_img_upload() function in all versions up to 1.2024. This allows attackers with no authentication to upload arbitrary files to the server, with the potential for remote code execution. Affected product: ...

9.8CVSS6.5AI score0.00063EPSS

Exploits1References3

Cvelist•added 2026/04/15 3:37 a.m.•27 views

CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload

9.8CVSS0.00063EPSS

Exploits1References3

ATTACKERKB•added 2026/04/15 3:37 a.m.•3 views

CVE-2026-1555

9.8CVSS6.5AI score0.00063EPSS

Exploits1References4

Positive Technologies•added 2026/04/15 12:0 a.m.•2 views

PT-2026-32996

Name of the Vulnerable Software and Affected Versions WebStack versions prior to 1.2025 Description The WebStack theme for WordPress allows unauthenticated attackers to upload arbitrary files to the server. This is caused by a lack of file type validation within the io img upload function, which...

9.8CVSS5.8AI score0.00063EPSS

Exploits1References8

CNNVD•added 2026/04/15 12:0 a.m.•3 views

WordPress plugin WebStack 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8CVSS6.2AI score0.00063EPSS

Exploits1References1

RedhatCVE•added 2025/12/02 7:22 a.m.•2 views

CVE-2025-13811

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing a manipulation of the argument sort can lead to sql injection. It is possible to launch the atta...

7.2CVSS6.4AI score0.00024EPSS

Exploits1References1

RedhatCVE•added 2025/12/02 6:3 a.m.•3 views

CVE-2025-13810

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...

7.5CVSS6AI score0.00263EPSS

Exploits1References1

OSV•added 2025/12/01 7:16 a.m.•1 views

CVE-2025-13811

7.2CVSS5.7AI score

Exploits0References5

NVD•added 2025/12/01 7:16 a.m.•1 views

CVE-2025-13810

7.5CVSS0.00263EPSS

Exploits1References5

OSV•added 2025/12/01 7:16 a.m.•0 views

CVE-2025-13810

7.5CVSS5.5AI score0.00263EPSS

Exploits1References5

Vulnrichment•added 2025/12/01 6:32 a.m.•1 views

CVE-2025-13811 jsnjfz WebStack-Guns PageFactory.java sql injection

6.5CVSS6.4AI score0.00024EPSS

Exploits1References5

CVE•added 2025/12/01 6:32 a.m.•8 views

CVE-2025-13811

CVE-2025-13811 affects jsnjfz WebStack-Guns 1.0. The vulnerability is in src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java where manipulation of the argument sort enables an SQL injection. It can be exploited remotely without user interaction. Public PoC/exploit detail...

7.2CVSS6.4AI score0.00024EPSS

Exploits1References5Affected Software1

Cvelist•added 2025/12/01 6:32 a.m.•7 views

CVE-2025-13811 jsnjfz WebStack-Guns PageFactory.java sql injection

6.5CVSS0.00024EPSS

Exploits1References5

EUVD•added 2025/12/01 6:32 a.m.•1 views

EUVD-2025-199959

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack...

6.5CVSS6.4AI score0.00024EPSS

Exploits1References6

EUVD•added 2025/12/01 6:2 a.m.•1 views

EUVD-2025-199956

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The explo...

6.9CVSS6.2AI score0.00263EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by