Lucene search
K

93385 matches found

OSV
OSV
added 2026/02/20 11:15 p.m.5 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2026/02/20 11:15 p.m.10 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS0.00376EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:54 p.m.5 views

CVE-2018-25158 Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS6AI score0.00376EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/20 10:54 p.m.23 views

CVE-2018-25158 Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS0.00376EPSS
Exploits0References3
NVD
NVD
added 2026/02/20 7:23 p.m.9 views

CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

6.1CVSS0.00212EPSS
Exploits1References2
NVD
NVD
added 2026/02/20 5:25 p.m.5 views

CVE-2026-27503

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 5:25 p.m.10 views

CVE-2025-70833

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user including the administrator and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php...

9.4CVSS0.00398EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 5:23 p.m.7 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS5.9AI score0.00359EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/20 5:23 p.m.24 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS0.00359EPSS
Exploits1References2
CVE
CVE
added 2026/02/20 5:23 p.m.17 views

CVE-2026-24891

openITCOCKPIT prior to 5.4.0 contains an unsafe deserialization sink in the Gearman worker (oitc_gearman) that calls PHP’s unserialize() on job payloads without class restrictions or origin validation. This enables PHP Object Injection when Gearman is exposed to untrusted systems or network acces...

7.5CVSS5.9AI score0.00359EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/02/20 4:48 p.m.9 views

CVE-2026-27504

SVXportal

6.1CVSS5.4AI score0.00183EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 4:48 p.m.5 views

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 4:48 p.m.5 views

CVE-2026-27502 SVXportal <= 2.5 log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

6.1CVSS5.6AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 4:48 p.m.12 views

CVE-2026-27502

CVE-2026-27502 affects SVXportal

6.1CVSS5.6AI score0.00201EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/20 4:48 p.m.26 views

CVE-2026-27502 SVXportal <= 2.5 log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

6.1CVSS0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 4:22 p.m.12 views

CVE-2026-22380

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through = 1.2.3...

8.1CVSS0.00334EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2026-22369

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through = 1.5...

8.1CVSS0.00512EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 4:22 p.m.5 views

CVE-2025-70831

A Remote Code Execution RCE vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...

9.8CVSS5.9AI score0.00917EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.5 views

CVE-2025-69407

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

8.1CVSS0.00512EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2025-69402

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX R&F rf allows PHP Local File Inclusion.This issue affects R&F: from n/a through = 1.5...

8.1CVSS0.00561EPSS
Exploits0References1
Rows per page
Query Builder