CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

Vulnrichment•added 2026/05/05 2:26 a.m.•4 views

CVE-2026-1921 Loco Translate <= 2.8.2 - Authenticated (Translator+) Path Traversal to Limited File Read via 'ref' Parameter

The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...

4.9CVSS5.9AI score0.00311EPSS

Exploits0References7

OSV•added 2025/02/12 5:37 p.m.•3 views

DRUPAL-CONTRIB-2025-014

Open Social is a Drupal distribution for online communities, which ships with a default optional module social\language to make your platform multilingual. Some site administration configuration does not correctly check access when trying to translate allowing unauthorised people to translate the...

9.1CVSS6.6AI score0.00374EPSS

Exploits0References1

Fedora•added 2024/03/07 10:32 p.m.•29 views

[SECURITY] Fedora 40 Update: antlr-2.7.7-77.fc40

ANTLR, ANother Tool for Language Recognition, formerly PCCTS is a language tool that provides a framework for constructing recognizers, compilers, and translators from grammatical descriptions containing C++ or Java actions You can use PCCTS 1.xx to generate C-based parsers...

8.8CVSS6.9AI score0.45835EPSS

Exploits3

Fedora•added 2024/03/07 10:32 p.m.•26 views

[SECURITY] Fedora 40 Update: antlr3-3.5.3-10.fc40

ANother Tool for Language Recognition, is a language tool that provides a framework for constructing recognizers, interpreters, compilers, and translators from grammatical descriptions containing actions in a variety of target languages...

8.8CVSS6.9AI score0.45835EPSS

Exploits3

Openbugbounty•added 2023/03/31 8:35 p.m.•7 views

translators-net.com Cross Site Scripting vulnerability OBB-3243683

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score

Exploits0

CNNVD•added 2022/11/07 12:0 a.m.•1 views

WordPress plugin Complianz SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS8.2AI score0.00967EPSS

Exploits2References2

WPVulnDB•added 2022/10/17 12:0 a.m.•18 views

Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi

The plugins allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. PoC 1. Install Complianz and set the following...

8.8CVSS2.5AI score0.00967EPSS

Exploits2Affected Software2

Fedora•added 2022/07/30 1:55 a.m.•10 views

[SECURITY] Fedora 36 Update: golang-github-alecthomas-chroma-0.10.0-4.fc36

Chroma takes source code and other structured text and converts it into syntax highlighted HTML, ANSI-coloured text, etc. Chroma is based heavily on Pygments, and includes translators for Pygments lexers and styles...

7.6AI score

Exploits0

Fedora•added 2022/07/04 1:35 a.m.•22 views

[SECURITY] Fedora 36 Update: golang-github-alecthomas-chroma-0.10.0-3.fc36

9.3CVSS8.3AI score0.00963EPSS

Exploits4

OSV•added 2021/11/08 6:15 p.m.•1 views

CVE-2021-24721

The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations...

6.5CVSS5.8AI score0.00497EPSS

Exploits2References1

Kitploit•added 2019/10/19 9:30 p.m.•154 views

IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices

IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like...

7.7AI score

Exploits0References8

Fedora•added 2018/11/30 2:13 a.m.•29 views

[SECURITY] Fedora 28 Update: glusterfs-4.1.6-1.fc28

GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA or TCP/IP interconnect into one large parallel network file system. GlusterFS is one of the most sophisticated file systems in terms of features and...

8.8CVSS1.3AI score0.02567EPSS

Exploits0

Fedora•added 2018/10/02 7:35 p.m.•34 views

[SECURITY] Fedora 29 Update: glusterfs-4.1.5-1.fc29

8.8CVSS1.3AI score0.04332EPSS

Exploits0

Fedora•added 2018/09/11 5:4 p.m.•29 views

[SECURITY] Fedora 28 Update: glusterfs-4.1.4-1.fc28

8.8CVSS1.3AI score0.04332EPSS

Exploits0

Fedora•added 2018/07/03 4:56 p.m.•21 views

[SECURITY] Fedora 28 Update: glusterfs-4.1.1-1.fc28