58 matches found
CVE-2025-14577 PHP Function Injection in Slican NPC/IPL/IPM/IPU
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...
CVE-2026-0771
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...
CVE-2026-0771
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...
CVE-2026-0771
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
UBUNTU-CVE-2023-39357
Cacti is an open source operational monitoring and fault management framework. A defect in the sqlsave function was discovered. When the column type is numeric, the sqlsave function directly utilizes user input. Many files and functions calling the sqlsave function do not perform prior validation...
WordPress Forminator 1.24.6 Shell Upload
Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...
CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4,...
CVE-2020-36708 Epsilon Framework Themes (Various Versions) - Function Injection
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4,...
CVE-2020-36708 Epsilon Framework Themes (Various Versions) - Function Injection
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4,...
WordPress theme Epsilon Framework 代码注入漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A code injection vulnerability exists in WordPress theme Epsilon Framework, which stems from...
WordPress Sparkling theme <= 2.4.8 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability discovered in WordPress Sparkling theme versions = 2.4.8 by NinTechNet. Solution Update the WordPress Sparkling theme to the latest available version at least 2.4.9...
Remote Code Execution (RCE)
total.js is vulnerable to remote code execution. Lack of sanitization of user-provided values allows an attacker to inject and execute malicious code via the function utils.set...
WordPress Epsilon Framework SSRF / Denial of Service
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Widespread Scans Underway for RCE Bugs in WordPress Websites
Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have...
WordPress Newspaper X theme <= 1.3.1 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Newspaper X theme versions = 1.3.1. Solution Update the WordPress Newspaper X theme to the latest available version at least 1.3.2...
WordPress MedZone Lite <=1.2.5 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress MedZone Lite versions =1.2.5. Solution Update the WordPress MedZone Lite to the latest available version at least 1.2.6...
WordPress Allegiant theme <= 1.2.5 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Allegiant theme versions = 1.2.5. Solution Update the WordPress Allegiant theme to the latest available version at least 1.2.6...
WordPress Activello theme <= 1.4.1 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Activello theme versions = 1.4.1. Solution Update the WordPress Activello theme to the latest available version at least 1.4.2...