Lucene search
+L

586 matches found

cvelist
cvelist
added 4 days ago31 views

CVE-2026-15488 hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS0.00291EPSS
Exploits0References7
osv
osv
added 4 days ago1 views

CVE-2026-15488 hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

6.9CVSS6.7AI score0.00291EPSS
Exploits0References9
osv
osv
added 2026/07/08 10:9 a.m.7 views

RHSA-2026:36201 Red Hat Security Advisory: 389-ds:1.4 security update

Bulletin has no description...

8.8CVSS5.9AI score0.01038EPSS
Exploits0References12
nvd
nvd
added 2026/06/26 3:16 p.m.11 views

CVE-2026-57655

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS0.00112EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/26 2:53 p.m.8 views

CVE-2026-57655

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS5.8AI score0.00112EPSS
Exploits0References2
cve
cve
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57655

The CVE-2026-57655 entry concerns the WordPress plugin WordPress Child Theme Wizard (versions

8.2CVSS5.8AI score0.00112EPSS
Exploits0References1
osv
osv
added 2026/06/24 2:17 p.m.5 views

CVE-2026-57305

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score
Exploits0References1
euvd
euvd
added 2026/06/24 1:20 p.m.8 views

EUVD-2026-38786

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.22 views

PT-2026-51536

Name of the Vulnerable Software and Affected Versions Control Builder A versions prior to 1.4/4 800xA for Advant Master versions prior to 6.0.3-1 800xA for Advant Master versions prior to 6.1.1-1 800xA for Advant Master version 6.1.1-3 800xA for Advant Master version 6.2.0-1 Description An...

4.4CVSS5.8AI score0.00083EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/16 8:57 p.m.28 views

CVE-2026-40754 WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin = 1.4 versions...

8.1CVSS0.0025EPSS
Exploits0References1
cve
cve
added 2026/06/16 8:57 p.m.18 views

CVE-2026-40739

CVE-2026-40739 affects the WordPress LuxeDrive theme versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 8:59 a.m.10 views

CVE-2026-10738

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00253EPSS
Exploits0References1
githubexploit
githubexploit
added 2026/06/09 11:16 a.m.63 views

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

8.2CVSS5.5AI score0.00396EPSS
Exploits2
nvd
nvd
added 2026/06/09 5:16 a.m.10 views

CVE-2026-10738

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00253EPSS
Exploits0References5
euvd
euvd
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35312

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00253EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.9 views

CVE-2026-38669

wCMS v.1.4 is vulnerable to Cross Site Scripting XSS when creating a new blog...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.24 views

PT-2026-45753

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References2
nvd
nvd
added 2026/05/27 7:16 a.m.21 views

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS
Exploits0References3
euvd
euvd
added 2026/05/27 5:31 a.m.13 views

EUVD-2026-32068

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8868 Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
Rows per page
Query Builder