1978 matches found
EUVD-2022-2557
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-18185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. CVE-2020-18185 Note th...
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
CVE-2024-8393 Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...
CVE-2014-125113
An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...
CVE-2013-10035 ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...
CVE-2025-34104 Piwik Authenticated RCE via Custom Plugin Upload
An authenticated remote code execution vulnerability exists in Piwik now Matomo versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP archive, leading to arbitrary PHP code...
VulnCheck KEV: CVE-2020-27387
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...
CVE-2025-6746
The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server,...
WordPress ads pro cross-site request forgery vulnerability
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro has a cross-site request forgery vulnerability, which...
WordPress plugin WoodMart 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-28334 · WordPress · Widgets For Google Reviews
Name of the Vulnerable Software and Affected Versions: The Widget for Google Reviews plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server via...
CVE-2025-52562
Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...
CVE-2025-48492
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
CVE-2025-48828
vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution (RCE) flaw in the ajax/api/ad/replaceAdTemplate endpoint caused by improper use of PHP’s Reflection API. An unauthenticated attacker can inject a crafted template (eg, using vb:if with code via passthru($POST[...])) and trigge...
EUVD-2025-28268
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
CVE-2024-25415
A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...
CVE-2024-30162
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP files that are extracted into the...