Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7187 matches found

Metasploit
Metasploitadded 2026/03/09 6:57 p.m.250 views

SPIP Saisies Plugin Unauthenticated RCE

This module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin CVE-2025-71243. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requir...

9.8CVSS6.2AI score0.85415EPSS
Exploits5
RedhatCVE
RedhatCVEadded 2026/03/08 1:44 a.m.4 views

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00067EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/07 3:30 a.m.2 views

EUVD-2026-10105

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00067EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/07 1:21 a.m.1 views

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00067EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/07 1:21 a.m.1 views

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00067EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/07 1:21 a.m.28 views

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS0.00067EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/07 12:0 a.m.3 views

PT-2026-23820

Name of the Vulnerable Software and Affected Versions Easy PHP Settings plugin for WordPress versions up to and including 1.0.4 Description The Easy PHP Settings plugin for WordPress is susceptible to PHP Code Injection due to inadequate input validation on the wp memory limit and wp max memory...

7.2CVSS6AI score0.00067EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.1 views

PT-2026-23255

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through = 1.3.15...

5.9AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/04 1:56 a.m.2 views

CVE-2026-2448

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

8.8CVSS6.5AI score0.00181EPSS
Exploits0References1
Packet Storm
Packet Stormadded 2026/02/24 12:0 a.m.101 views

📄 SPIP Saisies 5.11.0 Remote Code Execution

Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...

9.8CVSS6.1AI score0.85415EPSS
Exploits5
RedhatCVE
RedhatCVEadded 2026/02/22 1:28 a.m.1 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS6.1AI score0.00082EPSS
Exploits0References1
Packet Storm
Packet Stormadded 2026/02/20 12:0 a.m.99 views

📄 Selenium Server (Grid) 4.27.0 Code Injection

Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...

5.5AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/02/19 12:0 a.m.3 views

PT-2026-20630

Name of the Vulnerable Software and Affected Versions Prodigy Commerce versions prior to 3.2.9 Description The Prodigy Commerce plugin for WordPress is susceptible to a Local File Inclusion issue. This allows unauthenticated attackers to include and read arbitrary files or execute arbitrary files...

9.8CVSS6.2AI score0.29091EPSS
Exploits4References13
NVD
NVDadded 2026/02/18 7:16 a.m.1 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS0.00024EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/02/18 6:42 a.m.3 views

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

7.2CVSS6.1AI score0.0003EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/02/18 6:42 a.m.2 views

CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS6.2AI score0.00024EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/02/18 1:40 a.m.3 views

CVE-2025-12062

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

8.8CVSS6.4AI score0.00067EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/02/10 12:0 a.m.2 views

PT-2026-7321

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 Description ClipBucket is an open source video sharing platform. A Time-of-Check to Time-of-Use TOCTOU race condition exists in the avatar and background image upload functionality. The application moves...

9.3CVSS5.9AI score0.00055EPSS
Exploits1References4
Packet Storm
Packet Stormadded 2026/02/06 12:0 a.m.154 views

📄 MikroTik RouterOS WinBox 3.41 Username Enumeration

Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability. ============================================================================================================================================= | Title : MikroTik RouterOS WinB...

5.3AI score
Exploits0
RedhatCVE
RedhatCVEadded 2026/02/05 7:23 p.m.6 views

CVE-2025-15368

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS6.5AI score0.00067EPSS
Exploits1References1
Rows per page
Query Builder