Lucene search
K

93341 matches found

CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Horizon 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

WordPress plugin The Qlean 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

WordPress plugin Manoir 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

WordPress plugin ConFix 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

WordPress plugin Dr.Patterson 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.5 views

WordPress plugin WealthCo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.11 views

Alibaba Cloud Linux 3 : 0043: php:7.4 (ALINUX3-SA-2026:0043)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0043 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-11233: In PHP versions 8.1. befor...

9.8CVSS6.2AI score0.02286EPSS
Exploits10References14
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.3 views

Debian dsa-6154 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6154 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6154-1 [email protected] https://www.debian.org/securit...

8.2CVSS6AI score0.00573EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23145

Name of the Vulnerable Software and Affected Versions don-themes Molla versions through 1.5.16 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local fil...

5.8AI score0.00504EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress,WordPress plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2026/03/05 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2026-d781fd2f6b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6AI score
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.5 views

WordPress plugin Mahogany 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/03/04 6:16 p.m.8 views

CVE-2019-25507

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 6:16 p.m.3 views

CVE-2019-25501

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...

8.2CVSS5.9AI score0.00342EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 5:36 p.m.5 views

CLSA-2026-1772645765 Update of alt-php

New microcode update packages from upstream up to 2026-02-21: - Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21ver:0x0B002161, cpuid:0x00B00F81ver:0x0B008121, cpuid:0x00B10F10ver:0x0B101058, cpuid:0x00B20F40ver:0x0B204037, cpuid:0x00B40F40ver:0x0B404035,...

5.7AI score
Exploits0References1
NVD
NVD
added 2026/03/04 5:16 p.m.8 views

CVE-2026-28697

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution RCE by injecting a Server-Side Template Injection SSTI payload into Twig template fields e.g., Email Templates. By calling the craft.app.fs.write...

9.4CVSS0.01067EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:15 p.m.4 views

CVE-2019-25507

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/04 5:15 p.m.10 views

CVE-2019-25507

Ashop Shopping Cart Software is affected by an SQL injection vulnerability in the index.php handler: the 'shop' parameter accepts malicious input leading to UNION-based SQL injection. This is exploitable by unauthenticated attackers and can disclose sensitive data due to the high impact on confid...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/04 5:15 p.m.5 views

CVE-2019-25503 PHPads 2.0 SQL Injection via click.php3 bannerID

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

7.1CVSS6.2AI score0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/04 4:26 p.m.4 views

CVE-2026-28697 Craft Affected by Authenticated RCE via "craft.app.fs.write()" in Twig Templates

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution RCE by injecting a Server-Side Template Injection SSTI payload into Twig template fields e.g., Email Templates. By calling the craft.app.fs.write...

9.4CVSS6.3AI score0.01067EPSS
Exploits1References4
Rows per page
Query Builder