CVE-2018-25327 Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

EUVD-2018-21847

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics Authentication Bypass Lab Lo...

EUVD-2026-30678

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

PT-2026-41553

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

PT-2026-41591

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for...

CVE-2021-47981

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

CVE-2021-47975

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...

CVE-2021-47942

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

CVE-2020-37241

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...

CVE-2020-37236

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

CVE-2020-37227

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

CVE-2021-47977 WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

CVE-2021-47977

CVE-2021-47977 affects the WordPress plugin Anti-Malware Security and Bruteforce Firewall 4.20.59. It describes a directory traversal vulnerability where unauthenticated attackers can read arbitrary files by manipulating the file parameter via the duplicator_download action in admin-ajax.php, usi...

CVE-2021-47977 WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

EUVD-2021-34838

Home Assistant Community Store HACS 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, th...

CVE-2021-47942

CVE-2021-47942 concerns Home Assistant Community Store (HACS) 1.10.0. The vulnerability is a path traversal flaw exposed via the /hacsfiles/ endpoint, allowing unauthenticated attackers to read sensitive files (notably .storage/auth) and retrieve credentials/refresh tokens. With this access, an a...

CVE-2021-47942 Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

CVE-2021-47942 Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...