Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

93258 matches found

Cvelist
Cvelistadded 2026/06/08 3:0 a.m.40 views

CVE-2026-11482 SourceCodester Class and Exam Timetabling System archive5.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS0.0029EPSS
Exploits0References6
NVD
NVDadded 2026/06/08 2:16 a.m.11 views

CVE-2023-54352

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS0.00613EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/08 1:55 a.m.42 views

CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

9.8CVSS0.00838EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/06/08 1:55 a.m.6 views

CVE-2024-58348

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

9.8CVSS6.7AI score0.00838EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/06/08 1:55 a.m.7 views

EUVD-2023-60583

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/08 1:55 a.m.5 views

CVE-2023-54352

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/06/08 1:55 a.m.24 views

CVE-2023-54350

Affected software: WordPress Augmented-Reality plugin. Vulnerability: remote code execution via the elFinder connector. Access/Impact: unauthenticated attackers can upload and execute arbitrary PHP files on the server. How it exploits: POST to connector.minimal.php with mkfile and put commands to...

8.7CVSS6.7AI score0.00532EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/08 1:55 a.m.12 views

EUVD-2023-60581

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS6.7AI score0.00532EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/08 1:55 a.m.43 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS0.00532EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/08 1:55 a.m.6 views

EUVD-2022-56000

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00342EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/08 1:55 a.m.10 views

EUVD-2021-34849

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/08 1:55 a.m.8 views

CVE-2021-47983 WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References3
NVD
NVDadded 2026/06/08 1:16 a.m.11 views

CVE-2026-11471

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVEadded 2026/06/08 12:30 a.m.31 views

CVE-2026-11472

The CVE-2026-11472 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in the /index1.php file triggered by manipulating the Password parameter. It is remotely exploitable and the exploit has been publicly disclosed (PoC activity indicated). No spec...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/06/08 12:30 a.m.5 views

CVE-2026-11472

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...

7.5CVSS7AI score0.00263EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/08 12:15 a.m.7 views

CVE-2026-11471 SourceCodester Class and Exam Timetabling System index2.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/08 12:15 a.m.10 views

EUVD-2026-35002

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/06/08 12:15 a.m.6 views

CVE-2026-11471

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS7AI score0.00263EPSS
Exploits0References6Affected Software1
CNNVD
CNNVDadded 2026/06/08 12:0 a.m.7 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/06/08 12:0 a.m.9 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
Rows per page
Query Builder