Lucene search
+L

926 matches found

CNNVD
CNNVD
added 2026/03/30 12:0 a.m.12 views

Core FTP/SFTP Server 缓冲区错误漏洞

Core FTP/SFTP Server is a file transfer server software developed by Core FTP Corporation. Version 1.2 of Core FTP/SFTP Server contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the user domain field, which could allow attackers to cause the service to crash...

8.7CVSS6.1AI score0.00691EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-27083

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

9.8CVSS5.8AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-1800

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.9 views

EUVD-2026-15580

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through = 1.2...

5.8AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.7 views

CVE-2026-27077

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through = 1.2...

8.1CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.14 views

CVE-2026-27083

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

9.8CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.6 views

CVE-2026-24970

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through = 1.2...

7.7CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

9.8CVSS0.00375EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:14 p.m.4 views

CVE-2026-27083

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

5.8AI score0.00375EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-27077 WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through = 1.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.29 views

CVE-2026-24970 WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through = 1.2...

7.7CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.32 views

CVE-2026-22511 WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through = 1.2...

8.1CVSS0.00504EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.31 views

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

8.1CVSS0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Lella 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-27982

Name of the Vulnerable Software and Affected Versions ThemeREX Work & Travel Company versions through 1.2 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts the Work & Travel Company application. Recommendations...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-27863

Name of the Vulnerable Software and Affected Versions Energox versions n/a through 1.2 Description An improper limitation of a pathname to a restricted directory 'Path Traversal' exists in designingmedia Energox energox, allowing Path Traversal. This allows an attacker to potentially access files...

7.7CVSS5.9AI score0.00327EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-27976

Name of the Vulnerable Software and Affected Versions Mikado-Themes MultiOffice versions n/a through 1.2 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes MultiOffice...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Morning Records 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.9AI score0.00395EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:54 p.m.12 views

WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability

Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions = 1.2...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/21 4:17 a.m.11 views

CVE-2026-3347

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

5.5CVSS0.0026EPSS
Exploits0References5
Rows per page
Query Builder