Lucene search
K

5 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43129

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for installaddon,...

8.8CVSS6.3AI score0.00606EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/09 9:58 p.m.26 views

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenixstorybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

9.5CVSS6.8AI score0.00907EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/16 9:31 p.m.8 views

GHSA-VP6R-9M58-5XV8 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

Impact Server-side EL injection leading to Remote Code Execution RCE. Affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...

8.1CVSS5.9AI score0.00382EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/01 6:30 a.m.4 views

Arbitrary Code Injection

Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on server there is a security risk, a potential code injection vulnerability. Remediation Upgrade llama-stack to version 0.1.5.1 or higher. References - GitHub...

9.8CVSS7.8AI score
Exploits0References3
Packet Storm
Packet Storm
added 2019/09/03 12:0 a.m.238 views

Totaljs CMS 12.0 Widget Creation Code Injection

Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS Authenticated Code injection on widget creation. + Affected software: Totaljs CMS 12.0 + Description: An authenticated user with “widgets” privilege can gain RCE on the remote server by creating a malicious widget with a...

7.4AI score
Exploits0
Rows per page
Query Builder