Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2026/05/29 12:0 a.m.12 views

CVE-2026-39276

The CVE-2026-39276 vulnerability affects Emlog Pro v2.6.9, where the template upload feature is vulnerable to path traversal. An authenticated administrator can upload a crafted ZIP archive containing directory traversal sequences in filenames, enabling arbitrary PHP code execution. This can resu...

7.2CVSS6.1AI score0.00234EPSS
Exploits0References2
NVD
NVDadded 2026/05/14 3:16 p.m.10 views

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS0.00041EPSS
Exploits0References3
OSV
OSVadded 2026/01/22 2:26 a.m.2 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS5.7AI score0.00032EPSS
Exploits0References4
NVD
NVDadded 2025/10/15 3:15 a.m.3 views

CVE-2025-11746

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS0.00179EPSS
Exploits0References2
CNNVD
CNNVDadded 2023/02/01 12:0 a.m.3 views

NOSH ChartingSystem 代码问题漏洞

NOSH ChartingSystem is an electronic health record system designed for physicians and patients. A security vulnerability exists in NOSH ChartingSystem 4a5cfdb. An attacker can exploit the vulnerability to execute arbitrary PHP code...

8.8CVSS8.4AI score0.16677EPSS
Exploits1References5
CNNVD
CNNVDadded 2022/06/16 12:0 a.m.4 views

flatCore 代码注入漏洞

flatCore is a lightweight content management system CMS based on PHP and SQLite. A security vulnerability exists in flatCore-CMS v2.0.8, which stems from the lack of data filtering and escaping in /content/cache/activeurls.php and /content/cache/cachelastedit.php, which can be exploited by...

8.8CVSS8.3AI score0.01025EPSS
Exploits1References2
CNVD
CNVDadded 2019/11/20 12:0 a.m.1 views

Code execution vulnerability in the backend of shopxo e-commerce system

ShopXO is an open source enterprise-level open source e-commerce system. shopxo e-commerce system backend code execution vulnerability , an attacker can exploit the vulnerability to execute arbitrary PHP code...

8.2AI score
Exploits0
CNVD
CNVDadded 2015/09/15 12:0 a.m.1 views

Kirby CMS Cross-Site Request Forgery Vulnerability

Kirby CMS is a file-based content management system that is flexible, easy to use and easy to install. KirbyCMS suffers from a cross-site request forgery vulnerability in its implementation, which could be exploited by an attacker to execute arbitrary script code in the context of an affected...

7.6AI score
Exploits0References1
Rows per page
Query Builder