Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Positive Technologies
Positive Technologiesadded 2026/05/14 12:0 a.m.8 views

PT-2026-40944

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS6.2AI score0.00041EPSS
Exploits0References4
CVE
CVEadded 2026/03/16 12:0 a.m.4 views

CVE-2025-50881

CVE-2025-50881 involves the Use It Flow admin page flow/admin/moniteur.php, vulnerable before version 10.0.0. The GET parameter action is unsafely incorporated into a string and evaluated via PHP eval(), after a flawed method_exists check that only validates the portion before the first parenthes...

8.8CVSS6.2AI score0.00295EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2025/11/19 9:9 a.m.2 views

CVE-2025-13088

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...

8.8CVSS6.4AI score0.00054EPSS
Exploits0References1
OSV
OSVadded 2020/10/02 1:15 p.m.1 views

UBUNTU-CVE-2020-18185

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...

9.8CVSS6.1AI score0.00475EPSS
Exploits1References3
CNVD
CNVDadded 2020/06/11 12:0 a.m.2 views

Zenphoto Code Injection Vulnerability

Zenphoto is a content management system CMS. The Zenphoto code injection vulnerability can be exploited by an attacker to execute arbitrary PHP code...

8.8CVSS8.1AI score0.0079EPSS
Exploits0References1
CNVD
CNVDadded 2019/05/16 12:0 a.m.2 views

GetSimple CMS Remote Code Execution Vulnerability

GetSimple CMS is a content management system CMS written in PHP. A remote code execution vulnerability exists in GetSimple CMS version 3.3.15 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system...

9.8CVSS8.5AI score0.54617EPSS
Exploits5References1
Packet Storm
Packet Stormadded 2015/03/20 12:0 a.m.39 views

Yoast Google Analytics Stored Cross Site Scripting

OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...

Exploits0
Exploit DB
Exploit DBadded 2006/08/21 12:0 a.m.24 views

PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage...

7.4AI score
Exploits0
Rows per page
Query Builder