CVE-2026-43935

e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...

WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection

Software EazyDocs Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6035 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6ad682fb44ae Credits Dao Xuan Hieu Required privilege Subscriber Published 19...

WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Bypass Vulnerability

Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-5133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c08325ccb9 Credits Bartlomiej Marek and...

DEBIAN-CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...