Lucene search
K

4713 matches found

NVD
NVD
added 13 hours ago6 views

CVE-2026-57793

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago7 views

CVE-2026-57801 WordPress SetSail theme <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...

7.5CVSS
Exploits0References1
CVE
CVE
added 14 hours ago12 views

CVE-2026-57794

Technical details about CVE-2026-57794 are not provided in connected documents. The initial description states a PHP Local File Inclusion in Golo Framework

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 14 hours ago13 views

CVE-2026-57795

CVE-2026-57795 affects the WordPress theme Kitchor (Themelexus) up to version

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 14 hours ago6 views

CVE-2026-57371

The CVE-2026-57371 entry describes a Deserialization of Untrusted Data vulnerability in the WordPress WPJAM Basic plugin (wpjam-basic), affecting versions up to 7.0. The underlying issue is object injection via deserialization, enabling an attacker to potentially execute unintended actions throug...

8.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 18 hours ago7 views

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...

8.8CVSS7AI score0.01833EPSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago19 views

ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

9.8CVSS7.5AI score0.06589EPSS
Exploits1References2
CVE
CVE
added 2026/07/05 4:45 a.m.25 views

CVE-2026-14705

The CVE-2026-14705 entry affects code-projects Online Examination 1.0, specifically the head.php functionality. The issue arises from manipulating the uname/password arguments, enabling a SQL injection. It can be exploited remotely, and public exploit details exist. No remediation or affected ver...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-14355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:23 p.m.7 views

EUVD-2026-41075

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:18 p.m.18 views

CVE-2026-34109

The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:10 p.m.19 views

CVE-2026-34100

Vulnerability: CVE-2026-34100 in Guardian Language-System. The media.php script builds an SQL query by concatenating the GET parameter id directly into a query: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. This represents an unsanitized i...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:30 p.m.7 views

CVE-2026-13571

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS5.7AI score0.00383EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/17 8:16 p.m.12 views

CVE-2026-12529

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote...

7.5CVSS0.00284EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 1:56 p.m.10 views

EUVD-2026-36431

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

5.1CVSS4AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.14 views

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 4:0 p.m.10 views

CVE-2026-11531 imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection

A security flaw has been discovered in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/adminlogin.php of the component Administrator Login Endpoint. Performing a manipulation of the argument ausr/apwd results in s...

7.5CVSS5.3AI score0.00328EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.8 views

CVE-2026-7238

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

5.8CVSS5.2AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.15 views

CVE-2025-53440

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1CVSS5.5AI score0.00415EPSS
Exploits0References1
Rows per page
Query Builder