
16 matches found

OSV
added 2026/02/23 9:19 p.m. | 4 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.3 CVSS | 5.4 AI score | 0.00351 EPSS
Exploits: 1 | References: 4

NVD
added 2026/02/23 9:19 p.m. | 4 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.5 CVSS | 0.00351 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/02/23 8:2 p.m. | 26 views

CVE-2026-3026 erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

7.5 CVSS | 0.00351 EPSS
Exploits: 1 | References: 4

CVE
added 2026/02/23 8:2 p.m. | 14 views

CVE-2026-3026

CVE-2026-3026 affects erzhongxmu JEEWMS 3.7. The issue targets the /plug-in/ueditor/jsp/getRemoteImage.jsp component of UEditor, where manipulating the upfile argument triggers a server-side request forgery (SSRF). Exploitation is remote and publicly disclosed; the vendor was contacted but did no...

7.5 CVSS | 7 AI score | 0.00351 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/05/23 3:2 a.m. | 7 views

CVE-2023-1895

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

9.6 CVSS | 6.2 AI score | 0.00606 EPSS
Exploits: 2 | References: 1

SUSE CVE
added 2024/10/15 3:8 a.m. | 2 views

SUSE CVE-2024-8184

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory...

5.3 CVSS | 6.9 AI score | 0.01037 EPSS
Exploits: 0 | References: 5

OSV
added 2023/06/09 6:15 a.m. | 2 views

CVE-2023-1910

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

4.3 CVSS | 7.3 AI score
Exploits: 0 | References: 2

ATTACKERKB
added 2023/06/09 6:15 a.m. | 1 views

CVE-2023-1895

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

9.6 CVSS | 7.3 AI score | 0.00606 EPSS
Exploits: 2 | References: 3

OSV
added 2023/06/09 6:15 a.m. | 3 views

CVE-2023-1895

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

9.6 CVSS | 7.4 AI score
Exploits: 0 | References: 2

CNNVD
added 2023/06/06 12:0 a.m. | 7 views

WordPress Plugin Gutenberg Blocks Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

9.6 CVSS | 8.4 AI score | 0.00606 EPSS
Exploits: 2 | References: 4

CNNVD
added 2023/06/06 12:0 a.m. | 8 views

WordPress Plugin Getwid Gutenberg Blocks Authorization Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

4.3 CVSS | 7.1 AI score | 0.00515 EPSS
Exploits: 2 | References: 4

Huntr
added 2020/08/06 12:0 a.m. | 10 views

Command Injection in sh0ji/git-tags-remote

Overview: git-tags-remote is a package to get remote repository tags. This package is vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call in the get function. This can allow attackers to execute arbitrary code in the system if the...

4.1 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2017/12/01 12:0 a.m. | 33 views

EulerOS 2.0 SP2 : golang (EulerOS-SA-2017-1311)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Go before 1.8.4 and 1.9.x before 1.9.1 allows 'go get' remote command execution. Using custom domains, it is possible to arrange things so that...

9.8 CVSS | 7.7 AI score | 0.08944 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2016/01/18 12:0 a.m. | 3 views

The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.

The vulnerability of the SharedObject object implementation in Flash Player and Adobe Integrated Runtime is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely by causing “type mismatches” during the getRemote call...

9.3 CVSS | 8.2 AI score | 0.06571 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

RedHat Linux
added 2015/12/09 1:36 p.m. | 1 views

flash-plugin: multiple code execution issues fixed in APSB15-32

The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to...

9.3 CVSS | 6.2 AI score | 0.06571 EPSS
Exploits: 0 | References: 5

Exploit DB
added 2009/09/11 12:0 a.m. | 29 views

Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)

!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+ Webserver 2 SEH Overwrite Written by...

7 AI score
Exploits: 0