Lucene search
K

192 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-41528

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS6.2AI score
Exploits0References6
CVE
CVE
added 5 hours ago10 views

CVE-2026-5137

The RTMKit (rometheme-for-elementor) WordPress plugin is affected by a Local File Inclusion in versions up to 2.0.7 due to insufficient path validation on the template parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. Auth...

4.3CVSS6.2AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-5137

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51000

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An incomplete fix for a previous issue in this Laravel and Git powered content management system CMS left in-memory collection sorting unprotected, although the...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/20 4:27 a.m.10 views

EUVD-2026-31062

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 4:27 a.m.9 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 4:27 a.m.29 views

CVE-2026-7522

The CVE-2026-7522 issue affects the WordPress plugin The Advanced Database Cleaner – Premium, vulnerable in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 4:27 a.m.46 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS0.00755EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Advanced Database Cleaner – Premium 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6AI score0.00755EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42104

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 3:37 a.m.16 views

CVE-2026-5957

The CVE concerns the WordPress EmailKit plugin (versions up to and including 1.6.5). A path traversal flaw in CheckForm.php::create_template() uses realpath() on the allowed base directory (wp-content/uploads/emailkit/templates/), which may not exist, causing realpath() to return false. In PHP 8....

6.5CVSS5.9AI score0.0057EPSS
Exploits0References10
NVD
NVD
added 2026/04/29 4:16 p.m.8 views

CVE-2025-56537

A stored cross-site scripting XSS vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter...

6.1CVSS0.00185EPSS
Exploits3References2
CVE
CVE
added 2026/04/29 12:0 a.m.11 views

CVE-2025-56537

CVE-2025-56537 affects OpenNebula OpenNebula v6.10.0.1; the stored XSS occurs via a crafted payload injected into the virtual network template parameter. The issue is fixed in OpenNebula 7.0. An attacker can trigger the stored XSS through the vulnerable web UI (Sunstone) under network template in...

6.1CVSS5.3AI score0.00185EPSS
Exploits3References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/24 2:20 a.m.3 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.6AI score0.00183EPSS
Exploits2
EUVD
EUVD
added 2026/04/16 9:31 a.m.4 views

EUVD-2026-23205

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS6AI score0.00816EPSS
Exploits0References6
CVE
CVE
added 2026/04/16 6:44 a.m.13 views

CVE-2026-1620

The CVE-2026-1620 issue affects the WordPress plugin Livemesh Addons for Elementor (versions

8.8CVSS6AI score0.00816EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/16 6:44 a.m.31 views

CVE-2026-1620 Livemesh Addons by Elementor <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS0.00816EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:44 a.m.5 views

CVE-2026-1620

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS6AI score0.00816EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/16 6:44 a.m.4 views

CVE-2026-1620 Livemesh Addons by Elementor <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...

8.8CVSS6AI score0.00816EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/16 12:49 a.m.5 views

WordPress Livemesh Addons by Elementor plugin <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability

Authenticated Contributor+ Local File Inclusion via Widget Template Parameter vulnerability discovered by Webbernaut in WordPress Plugin Livemesh Addons for Elementor versions = 9.0...

8.8CVSS5.8AI score0.00816EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder