Lucene search
+L

4 matches found

nvd
nvd
added 6 days ago15 views

CVE-2026-15097

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00201EPSS
Exploits0References6
osv
osv
added 2025/10/08 12:30 p.m.1 views

GHSA-CHW4-GJVW-3GXC Melis Platform CMS Unauthenticated File Upload Leading to RCE

File upload leading to remote code execution RCE in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

9.3CVSS8.3AI score0.02503EPSS
Exploits3References5
github
github
added 2025/10/08 12:30 p.m.7 views

Melis Platform CMS Unauthenticated File Upload Leading to RCE

File upload leading to remote code execution RCE in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

9.3CVSS8.3AI score0.02503EPSS
Exploits3References5Affected Software1
cve
cve
added 2025/10/08 10:47 a.m.23 views

CVE-2025-10353

CVE-2025-10353 is an RCE via unrestricted file upload in Melis Technology's Melis Platform, specifically the melis-cms-slider module. A crafted POST to /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm uploading via the mcsdetail_img parameter can allow an attacker to place and execute ...

9.3CVSS7.9AI score0.02503EPSS
In wildExploits3References2
Rows per page
Query Builder