Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/07/01 3:43 a.m.36 views

CVE-2026-12923 Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS0.00319EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:31 p.m.11 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2007/05/03 12:0 a.m.49 views

yapig-exec.txt

" The variables receives by the form POST: - integer $gid the gid of the gallery - interger $phid the phid of the image - string $tit title of the comment - string $author author name - string $mail comment authoer email - string $web comment author web - string $msg comment itself @package user ...

7.4AI score
Exploits0
Prion
Prion
added 2007/04/24 5:19 p.m.13 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to 1 commonfunctions.php, 2 adminauthcookies.php, 3 adminmods.php, 4 adminnews.php, 5 admintopics.php, 6 adminusers.php, 7...

6.8CVSS8.2AI score0.07034EPSS
Exploits0References15Affected Software1
Rows per page
Query Builder