Lucene search
K

1705 matches found

Patchstack
Patchstack
added 2026/05/07 7:53 a.m.14 views

WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WEN Logo Slider versions = 3.4.0...

5.9CVSS5.8AI score0.00136EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin WEN Logo Slider 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38351

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.6 views

WordPress Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid plugin <= 3.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Logo Showcase with Slick Slider versions = 3.2.7...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/27 8:45 a.m.34 views

CVE-2026-7107 code-projects Invoice System in Laravel company unrestricted upload

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS0.00201EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 8:45 a.m.6 views

CVE-2026-7107 code-projects Invoice System in Laravel company unrestricted upload

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 8:45 a.m.26 views

CVE-2026-7107

Technical details about CVE-2026-7107 are not publicly available in the provided documents. Monitor for updates from official advisories.

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 8:45 a.m.6 views

EUVD-2026-25804

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 8:45 a.m.3 views

CVE-2026-7107

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.18 views

PT-2026-35380

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/21 7:58 p.m.8 views

EUVD-2026-24485

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

8.3CVSS5.8AI score0.00173EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the objects/configurationUpdate.json.php file, which protected the endpoint through...

8.3CVSS5.7AI score0.00173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.8 views

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/19 9:30 a.m.6 views

EUVD-2026-23686

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 8:16 a.m.9 views

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/04/19 7:15 a.m.18 views

CVE-2026-6561

EyouCMS

5.8CVSS5.4AI score0.00279EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/19 7:15 a.m.4 views

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/19 7:15 a.m.8 views

CVE-2026-6561 EyouCMS Index.php edit_adminlogo unrestricted upload

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 7:15 a.m.31 views

CVE-2026-6561 EyouCMS Index.php edit_adminlogo unrestricted upload

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS0.00279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.7 views

PT-2026-33618

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References5
Rows per page
Query Builder