Lucene search
+L

870 matches found

OSV
OSV
added 3 days ago2 views

CVE-2026-45072 Symfony: Stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler fileexcerpt Twig filter escapes PHP files through highlightstring but interpolates lines from non-PHP files directly into...

2CVSS6.1AI score0.00232EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-45072 Symfony: Stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler fileexcerpt Twig filter escapes PHP files through highlightstring but interpolates lines from non-PHP files directly into...

2CVSS0.00232EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-43133

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS6.5AI score0.00553EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:10 p.m.7 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References4
CVE
CVE
added 2026/07/07 4:10 p.m.13 views

CVE-2026-23698

Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
NVD
NVD
added 2026/07/06 8:16 a.m.9 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:0 a.m.5 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS6.2AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/07/04 8:16 a.m.6 views

CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 6:54 a.m.44 views

CVE-2026-12194 PHPIPAM Authenticated LFI

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS0.00378EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 6:54 a.m.29 views

CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that can allow API-authenticated users to include arbitrary PHP files on the server filesystem. The API is not enabled by default on installations. The CVSS metrics indicate a low-severity issue with network access, low ef...

2.3CVSS6.1AI score0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:26 p.m.6 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 5:56 p.m.46 views

CVE-2026-45135

CVE-2026-45135 (Caddy) describes two Unicode bypass flaws in the FastCGI splitPos logic (modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go) that mis-use golang.org/x/text/search with IgnoreCase when a non-ASCII byte appears in the request path. This can cause a non-.php file to be treated as a sc...

8.1CVSS6.5AI score0.00399EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/20 1:37 p.m.12 views

EUVD-2022-56008

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

9.8CVSS6.8AI score0.00629EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/20 1:37 p.m.7 views

CVE-2022-50972

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

9.8CVSS6.8AI score0.00629EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/13 7:16 a.m.21 views

CVE-2026-9062

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

3.4CVSS0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/13 6:0 a.m.9 views

CVE-2026-9062 Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

5.5AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 6:16 p.m.18 views

CVE-2026-45062

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS0.00568EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 5:38 p.m.4 views

CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS6.5AI score0.00568EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 5:38 p.m.22 views

CVE-2026-45062

CVE-2026-45062 affects FrankenPHP (versions 1.11.2–1.12.2). The vulnerability arises in the CGI path splitting logic (splitPos in cgi.go), where fallback matching uses golang.org/x/text/search with ignore-case, and engages when the request path contains non-ASCII bytes. Two flaws enable an attack...

8.1CVSS6.2AI score0.00568EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 5:38 p.m.50 views

CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS0.00568EPSS
Exploits0References2
Rows per page
Query Builder