Lucene search
+L

69 matches found

nvd
nvd
added 2026/07/01 5:16 a.m.8 views

CVE-2026-12923

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS0.00319EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/01 3:43 a.m.36 views

CVE-2026-12923 Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS0.00319EPSS
Exploits0References5
euvd
euvd
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40897

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References5
githubexploit
githubexploit
added 2026/05/30 1:57 p.m.186 views

Exploit for CVE-2026-7465

CVE-2026-7465 - Spectra Gutenberg Blocks isregistered $block...

8.8CVSS5.8AI score0.01174EPSS
Exploits3
veracode
veracode
added 2026/05/23 5:28 a.m.7 views

Improper Access Control

Fission is vulnerable to improper access control. The vulnerability is due to the router automatically registering internal function routes without validating associated HTTPTrigger restrictions, which allows an attacker to invoke arbitrary functions directly by guessing the function name and...

9.8CVSS6AI score0.00353EPSS
Exploits0References5Affected Software1
bdu_fstec
bdu_fstec
added 2026/05/20 12:0 a.m.3 views

The vulnerability of the CREATE TYPE command in the PostgreSQL database management system allows attackers to execute arbitrary SQL functions.

The vulnerability of the CREATE TYPE command in the PostgreSQL database management system is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL functions remotely...

5.5CVSS6.3AI score0.00159EPSS
Exploits0References14Affected Software7
redhatcve
redhatcve
added 2026/03/26 2:58 p.m.7 views

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References1
patchstack
patchstack
added 2026/03/20 9:29 a.m.8 views

WordPress Aimogen Pro plugin <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability

Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Aimogen Pro versions = 2.7.5...

9.8CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/03/20 6:31 a.m.4 views

EUVD-2026-13522

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References3
nvd
nvd
added 2026/03/20 4:16 a.m.5 views

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS0.003EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/20 3:37 a.m.3 views

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/20 3:37 a.m.23 views

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS0.003EPSS
Exploits0References2
cve
cve
added 2026/03/20 3:37 a.m.9 views

CVE-2026-4038

The CVE concerns the Aimogen Pro plugin for WordPress, where a missing capability check in the aiomatic_call_ai_function_realtime function allows an unauthenticated attacker to perform Arbitrary Function Calls. Affected versions are all up to and including 2.7.5. The exploitation enables calling ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/20 3:37 a.m.4 views

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

9.8CVSS5.9AI score0.003EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/20 12:0 a.m.5 views

PT-2026-26553

Name of the Vulnerable Software and Affected Versions Aimogen Pro versions up to 2.7.5 Description The Aimogen Pro plugin for WordPress is susceptible to an Arbitrary Function Call, potentially leading to privilege escalation. This is due to a missing capability check within the aiomatic call ai...

9.8CVSS5.8AI score0.003EPSS
Exploits0References9
snyk
snyk
added 2026/03/06 11:59 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection inadequate recursive validation of PostgreSQL array and row expressions in the validateNode function. An attacker can execute arbitrary SQL functions and achieve code execution on the database server by crafting malicious...

9.9CVSS6.4AI score0.00539EPSS
Exploits1References2
patchstack
patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Inpersttion For Theme plugin <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call vulnerability

Authenticated Contributor+ Arbitrary Function Call vulnerability discovered by Peter Thaleikis in WordPress Plugin Inpersttion For Theme versions = 1.0...

6.3CVSS5.5AI score0.0033EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/11/26 6:55 p.m.8 views

CVE-2025-65960

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

6.6CVSS7.2AI score0.00159EPSS
Exploits0References1
snyk
snyk
added 2025/11/25 8:43 p.m.3 views

Insufficient Type Distinction

Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Insufficient Type Distinction in the Template::once method. Backend users with sufficient privileges...

7.5CVSS7.2AI score0.00159EPSS
Exploits0References2
nvd
nvd
added 2025/09/23 5:15 a.m.13 views

CVE-2025-9321

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'apirequests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute cod...

9.8CVSS0.00762EPSS
Exploits0References3
Rows per page
Query Builder