Lucene search
K

193 matches found

CVE
CVE
added 2025/08/22 12:0 a.m.22 views

CVE-2025-50859

CVE-2025-50859 affects Easy Hosting Control Panel (EHCP) 20.04.1.b and is a reflected cross-site scripting vulnerability in the Change Template function. An authenticated user can supply a crafted template parameter to trigger arbitrary JavaScript execution, with impact described as partial in so...

6.1CVSS6.8AI score0.00272EPSS
Exploits3References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:6 a.m.4 views

CVE-2014-8304

Cross-site scripting XSS vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the nexttemplate parameter to admin/index.php...

4.3CVSS6AI score0.00931EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.11 views

WordPress plugin Madara 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

9.8CVSS8.6AI score0.09094EPSS
Exploits5References2
GithubExploit
GithubExploit
added 2025/05/05 3:28 a.m.400 views

Exploit for CVE-2025-4524

CVE-2025-4524 - Unauthenticated madara-core Wordpress theme LF...

9.8CVSS9.5AI score0.09094EPSS
Exploits5
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.5 views

SourceCodester Online ID Generator System 安全漏洞

SourceCodester Online ID Generator System is an online identity generator system from SourceCodester open source. A security vulnerability exists in SourceCodester Online ID Generator System version 1.0, which originates from a SQL injection due to incorrect manipulation of the parameter template...

9.8CVSS7.8AI score0.00443EPSS
Exploits1References2
CVE
CVE
added 2025/04/16 12:0 a.m.54 views

CVE-2024-40073

SourceCodester Online ID Generator System 1.0 is affected by a SQL injection vulnerability in the template parameter of id_generator/admin/?page=generate&template=4. The root cause is improper input handling leading to injection, exposing high-risk impact on confidentiality, integrity, and availa...

9.8CVSS8.3AI score0.00443EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.3 views

WordPress plugin MinimogWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.8AI score0.0071EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/13 3:50 a.m.19 views

CVE-2025-1661

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...

9.8CVSS7.9AI score0.54756EPSS
Exploits2References1
OSV
OSV
added 2025/03/11 4:15 a.m.4 views

CVE-2025-1661

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...

9.8CVSS6.3AI score0.54756EPSS
Exploits2References4
NVD
NVD
added 2025/02/12 7:15 a.m.19 views

CVE-2025-26520

Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...

9.8CVSS0.00447EPSS
Exploits0References2
OSV
OSV
added 2025/01/27 5:15 p.m.4 views

DEBIAN-CVE-2024-54146

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of hosttemplates.php using the graphtemplate parameter. This vulnerability is fixed in 1.2.29...

8.8CVSS5.7AI score0.40996EPSS
Exploits1References1
OSV
OSV
added 2025/01/27 5:15 p.m.2 views

UBUNTU-CVE-2024-54146

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of hosttemplates.php using the graphtemplate parameter. This vulnerability is fixed in 1.2.29...

8.8CVSS5.9AI score0.40996EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.8 views

Cacti SQL注入漏洞

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a SQL injection vulnerability that stems from improper...

8.8CVSS7.6AI score0.40996EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.4 views

PluXml 安全漏洞

PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version v5.8.16 and earlier versions, which stems from a Remote Code Execution RCE vulnerability in the...

9.8CVSS7AI score0.00831EPSS
Exploits0References1
OSV
OSV
added 2024/08/17 6:15 a.m.5 views

CVE-2024-6459

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

9.8CVSS6AI score0.01022EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/08/07 12:0 a.m.6 views

The vulnerability of the ssvpn_config_mod function in the /vpn/list_ip_network.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software allows a malicious actor to execute arbitrary commands.

The vulnerability of the ssvpnconfigmod function in the /vpn/listipnetwork.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software is related to the failure to eliminate special elements used in commands when processing parameters like template and...

10CVSS7AI score0.23402EPSS
Exploits1References4Affected Software4
CNNVD
CNNVD
added 2024/08/05 12:0 a.m.18 views

Raisecom MSG1200、Raisecom MSG2100E、Raisecom MSG2200和Raisecom MSG2300 操作系统命令注入漏洞

The Raisecom MSG1200 and others are a Gigabit Converged Gateway from Raisecom China. An OS command injection vulnerability exists in the Raisecom MSG1200, Raisecom MSG2100E, Raisecom MSG2200, and Raisecom MSG2300 version 3.90, which originates from the parameter template/ in file...

9.8CVSS6.9AI score0.24873EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/05 12:0 a.m.13 views

Raisecom MSG1200、Raisecom MSG2100E、Raisecom MSG2200和Raisecom MSG2300 安全漏洞

The Raisecom MSG1200 and others are a Gigabit converged gateway from Raisecom China. A security vulnerability exists in the Raisecom MSG1200, Raisecom MSG2100E, Raisecom MSG2200, and Raisecom MSG2300 version 3.90, which originates from the parameter template/stylenum in the file...

9.8CVSS6.6AI score0.23402EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.9 views

PT-2024-5851

Name of the Vulnerable Software and Affected Versions Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 version 3.90 Description A critical vulnerability was found in the Web Interface component of Raisecom devices, specifically in the file list base config.php. The manipulation of the template...

10CVSS6.7AI score0.934EPSS
Exploits4References24
CNNVD
CNNVD
added 2024/05/26 12:0 a.m.2 views

JFinalCMS 跨站脚本漏洞

JFinalCMS is a content management system by heyewei personal developer. A cross-site scripting vulnerability exists in JFinalCMS version 20240111 and earlier, which stems from a cross-site scripting XSS vulnerability in the directory parameter of file /admin/template...

5.4CVSS4.4AI score0.00368EPSS
Exploits1References4
Rows per page
Query Builder