
92 matches found

EUVD
added 2026/06/17 6:35 p.m. | 8 views

EUVD-2025-210252

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

CVSS 8.1 | AI score 5.1 | EPSS 0.00435
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 5 views

EUVD-2026-36963

Unauthenticated Broken Access Control in WP Directory Kit = 1.5.0 versions...

CVSS 7.5 | AI score 5.1 | EPSS 0.00306
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/05 7:41 p.m. | 10 views

CVE-2025-58897

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

CVSS 8.1 | AI score 5.5 | EPSS 0.00337
Exploits: 0 | References: 1
Patchstack
added 2026/05/26 5:41 a.m. | 12 views

WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fermentio versions <= 1.5.0...

CVSS 8.1 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | Affected Software: 1
CVE
added 2026/05/20 2:27 a.m. | 18 views

CVE-2025-15369

CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 2
vulnersOsv
added 2026/04/22 2:31 p.m. | 11 views

@saltcorn/cli (>=1.5.0 <=1.5.0-rc.2), @saltcorn/mobile-builder (>=1.5.0 <=1.5.0-rc.2) potentially affected by unknown CVE via @saltcorn/server (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-16318352...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/03/26 3:4 p.m. | 9 views

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 6.6 | EPSS 0.00845
Exploits: 5 | References: 1
NVD
added 2026/03/25 5:16 p.m. | 4 views

CVE-2026-22484

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection. This issue affects Lisfinity Core: from n/a through <= 1.5.0...

CVSS 9.3 | EPSS 0.00383
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/25 4:14 p.m. | 2 views

CVE-2026-22484 WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection. This issue affects Lisfinity Core: from n/a through <= 1.5.0...

CVSS 9.3 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 1
Cvelist
added 2026/03/20 8:25 a.m. | 22 views

CVE-2026-2421 ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. Thi...

CVSS 6.5 | EPSS 0.00497
Exploits: 0 | References: 4
Cvelist
added 2026/03/19 8:14 a.m. | 24 views

CVE-2025-60237 WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0...

CVSS 9.8 | EPSS 0.00511
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/19 8:14 a.m. | 3 views

CVE-2025-60237

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.00511
Exploits: 0 | References: 2
NVD
added 2026/03/13 7:55 p.m. | 5 views

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

CVSS 9.8 | EPSS 0.00845
Exploits: 5 | References: 3
ATTACKERKB
added 2026/03/02 6:16 a.m. | 6 views

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 6.1 | EPSS 0.0055
Exploits: 1 | References: 16 | Affected Software: 1
RedhatCVE
added 2026/02/26 4:15 a.m. | 6 views

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...

CVSS 9.8 | AI score 6.5 | EPSS 0.01046
Exploits: 1 | References: 1
ATTACKERKB
added 2026/02/25 3:54 a.m. | 4 views

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...

CVSS 9.8 | AI score 6.5 | EPSS 0.01046
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/24 3:2 a.m. | 6 views

CVE-2026-3066 HummerRisk Cloud Compliance Scanning PlatformUtils.java fixedCommand command injection

A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command...

CVSS 6.5 | AI score 5.3 | EPSS 0.10895
Exploits: 1 | References: 4
RedhatCVE
added 2026/01/24 3:18 p.m. | 5 views

CVE-2026-24585

Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hyyan WooCommerce Polylang Integration: from n/a through = 1.5.0...

CVSS 6.5 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/24 7:26 a.m. | 2 views

CVE-2025-14985

The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alphablockcss’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | AI score 6 | EPSS 0.0019
Exploits: 0 | References: 3
Patchstack
added 2026/01/24 4:29 a.m. | 7 views

WordPress Alpha Blocks plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Alpha Blocks versions <= 1.5.0...

CVSS 6.4 | AI score 5.4 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1