Lucene search
K

2608 matches found

Nuclei
Nuclei
added yesterday6 views

Xerte Online Toolkits <= 3.15 - Remote Code Execution

Xerte Online Toolkits versions 3.15 and earlier expose the elFinder file manager connector at /editor/elfinder/php/connector.php without authentication CVE-2026-34413, because the access-control redirect for unauthenticated users does not call exit/die and execution continues server-side. This is...

9.8CVSS6.3AI score0.03575EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday15 views

Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

9.1CVSS7.1AI score0.03946EPSS
Exploits2References2
NVD
NVD
added 2 days ago8 views

CVE-2026-15502

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-15493 Akpali9 Attendance-Management-System absent.php cross site scripting

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS0.00191EPSS
Exploits0References4
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
CVE
CVE
added 5 days ago11 views

CVE-2026-15137

CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57013

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0736 Description The PHP omni-completion script in runtime/autoload/phpcomplete.vim fails to escape class or trait names taken from the edited buffer before interpolating them into a search pattern executed via win...

8.4CVSS6.4AI score0.00169EPSS
Exploits1References5
The Hacker News
The Hacker News
added 6 days ago13 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.28583EPSS
Exploits15
Cvelist
Cvelist
added 2026/07/05 1:15 p.m.25 views

CVE-2026-14751 mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 9:30 a.m.6 views

CVE-2026-14735

A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclose...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54634

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation UrlShortener affected versions not specified Description Improper input validation occurs within the includes/UrlShortenerUtils.Php file. Input validation is the process of ensuring that a program operates on clean, correc...

8.8CVSS6.1AI score0.00328EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.21 views

CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS0.01114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 1:31 p.m.11 views

EUVD-2026-38450

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:31 p.m.9 views

EUVD-2026-38229

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...

8.7CVSS6.6AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 5:35 p.m.6 views

EUVD-2019-20194

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 8:16 a.m.14 views

CVE-2026-9815

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...

6.5CVSS0.00215EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/09 8:34 a.m.124 views

Exploit for CVE-2026-39023

CVE-2026-39023 RCE poc - RESPONSIVE filemanager v.9.14.0 las...

6.3AI score
Exploits1
NVD
NVD
added 2026/06/08 3:16 a.m.14 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:55 a.m.9 views

CVE-2024-58348

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

9.8CVSS6.7AI score0.00838EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/08 1:55 a.m.49 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS0.00532EPSS
Exploits0References2
Rows per page
Query Builder