Lucene search
K

9 matches found

NVD
NVD
added 2026/06/29 3:16 p.m.13 views

CVE-2026-49049

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

7.5CVSS0.00228EPSS
Exploits4References1
CVE
CVE
added 2026/06/29 2:34 p.m.113 views

CVE-2026-49049

The CVE-2026-49049 entry concerns the Helix3 Joomla extension by joomshaper. The vulnerability arises from an exposed ajax handler task within Helix3 that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters. This indicates a remot...

7.5CVSS5.9AI score0.00228EPSS
Exploits4References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.6 views

CVE-2026-1925

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 5:16 a.m.14 views

CVE-2026-1925

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...

4.3CVSS0.00245EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 4:35 a.m.5 views

CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.8 views

PT-2023-18572 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of special elements used in a template engine. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: F...

9.1CVSS7.9AI score0.01089EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2020/11/06 12:0 a.m.45 views

openSUSE Security Update : claws-mail (openSUSE-2020-1822)

This update for claws-mail fixes the following issues : - Additional cleanup of the template handling claws-mail was updated to 3.17.8 boo1177967 - Shielded template's |program and |attachprogram so that the command-line that is executed does not allow sequencing such as with && || ;, preventing...

9.8CVSS8.4AI score0.02592EPSS
Exploits0References3
OSV
OSV
added 2018/10/11 9:1 p.m.7 views

CVE-2018-18258

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...

9.8CVSS6.1AI score0.01489EPSS
Exploits1References2
CNVD
CNVD
added 2018/08/31 12:0 a.m.5 views

DamiCMS Remote Code Execution Vulnerability

DamiCMS is a content management system CMS for building websites quickly. A remote code execution vulnerability exists in DamiCMS version 6.0.1, which can be exploited by a remote attacker to execute code by sending a multipart/form-data POST request containing PHP code to the...

7.2CVSS7.7AI score0.02155EPSS
Exploits1References1
Rows per page
Query Builder