Lucene search
K

562 matches found

Nuclei
Nuclei
added yesterday80 views

WordPress Loco Translate < 2.6.1 - Cross-Site Scripting

Loco Translate WordPress plugin before 2.6.1 contains a stored cross-site scripting vulnerability caused by improper removal of inline events from source translation strings, allowing authenticated users to inject arbitrary JavaScript payloads. id: CVE-2022-0765 info: name: WordPress Loco Transla...

5.4CVSS6.2AI score0.03932EPSS
Exploits4References3
NVD
NVD
added 6 days ago5 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1953 TensorFlow has segmentation fault in tfg-translate

Impact Out-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder. Bug with tfg-translate call to InitMlir. The problem happens with generic functions, as it is already handled for non-generic functions. This is because they, unlike non-generic...

7.5CVSS6.6AI score0.00516EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34114

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:21 p.m.10 views

EUVD-2026-41073

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:21 p.m.38 views

CVE-2026-34114 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate_text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:16 p.m.21 views

CVE-2026-34107

CVE-2026-34107 affects Guardian Language-System. The vulnerability is an unauthenticated OS command injection via the id parameter in translate.php, where the id GET parameter is passed directly into an exec() call without sanitization. An unauthenticated remote attacker can append shell metachar...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:16 p.m.8 views

EUVD-2026-41064

Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec"php jobs/translate.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:16 p.m.7 views

CVE-2026-34107

Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec"php jobs/translate.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 4:16 p.m.37 views

CVE-2026-34107 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec"php jobs/translate.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.0068EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:15 p.m.8 views

EUVD-2026-41062

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:15 p.m.17 views

CVE-2026-34105

CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 a.m.14 views

CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

9.8CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 a.m.10 views

EUVD-2026-39158

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 a.m.31 views

CVE-2026-8665 OS Command Injection in Rapid7 InsightConnect Translate Plugin

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS0.00675EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 a.m.6 views

CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:12 a.m.16 views

CVE-2026-8665

CVE-2026-8665 affects the Rapid7 InsightConnect Translate Plugin (Linux) via the TR action. The root cause is insufficient input sanitization in shell command construction within the TR action, allowing an attacker to supply text or expression parameters that leads to OS command execution. Docume...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6.3CVSS5.9AI score0.01028EPSS
Exploits3References1
Rows per page
Query Builder