Lucene search
K

88 matches found

NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS0.00333EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-14249 Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS0.00333EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-54640

Name of the Vulnerable Software and Affected Versions Request a Quote versions prior to 2.5.6 Description The Request a Quote plugin for WordPress allows unauthenticated attackers to perform code injection. The issue occurs because the emd delete file function derives a PHP function name from the...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.6 views

CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

6.8AI score0.00572EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 7:16 p.m.6 views

CVE-2026-32261

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

8.5CVSS0.00382EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.10 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...

8.5CVSS6AI score0.00382EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.10 views

CVE-2026-1929

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS6.2AI score0.00553EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.11 views

CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...

9.8CVSS6.9AI score0.08877EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2025/12/15 6:30 p.m.8 views

Grav may be vulnerable to SSRF attack via Twig Templates

In grav 1.7.49.5, a SSRF Server-Side Request Forgery vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

9.1CVSS6.9AI score0.00247EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.29 views

CVE-2025-66844

In grav 1.7.49.5, a SSRF Server-Side Request Forgery vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

0.00247EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/02 12:36 a.m.9 views

Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection)

Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Details Grav CMS uses a custom sandbox to protect the powerful Twig methods...

8.8CVSS9AI score0.00527EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-2117

Malware in sbrugna...

5CVSS6AI score0.02047EPSS
Exploits5References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2007-5868

Malware in sbrugna...

6.4CVSS6AI score0.02788EPSS
Exploits0References41
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-4693

Malware in sbrugna...

5CVSS6.4AI score0.00949EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-2118

Malware in sbrugna...

5CVSS6.1AI score0.02403EPSS
Exploits2References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-1077

Malware in sbrugna...

7.5CVSS6AI score0.01954EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-0419

Malicious code in bioql PyPI...

9.9CVSS8.6AI score0.01333EPSS
Exploits0References5
OSV
OSV
added 2025/07/21 7:29 p.m.2 views

GHSA-49XW-HW94-FMV2 Dolibarr has Remote Code Execution Vulnerability (Bypass)

Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...

8.8CVSS8.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.11 views

CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

9.8CVSS7.4AI score0.12442EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.5 views

WordPress plugin Secure Custom Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

6.6CVSS6.6AI score0.00435EPSS
Exploits1References1
Rows per page
Query Builder