8 matches found
NocoBase 2.0.27 - VM Sandbox Escape
Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape; Date: 2026-03-26; Exploit Author: Onurcan Genç; Vendor Homepage: https://www.nocobase.com/; Software Link: https://github.com/nocobase/nocobase; Version: -u -P --cmd "id"...
CVE-2025-14938 Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload
The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo_core_handle_dropped_media" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...
PT-2026-30342
The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo_core_handle_dropped_media" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. Thi...
PT-2023-28713 · Unknown · Franfinance
Name of the Vulnerable Software and Affected Versions: franfinance versions prior to 2.0.27 Description: The issue allows a remote attacker to execute arbitrary code via the validation.php and controllers/front/validation.php components. Recommendations: For versions prior to 2.0.27, update to...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop franfinance prior to version v.2.0.27, which stems from the ability to...
PT-2023-11902 · Unknown · Ons Digital Ras Collection Instrument
Name of the Vulnerable Software and Affected Versions: ONS Digital RAS Collection Instrument versions up to 2.0.27 Description: A critical issue was found in the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to OS command injection...
VulnCheck KEV: CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types e.g.,...
Vulnerabilities of the Red Hat Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the openldap-clients-2.0.27 package of the Red Hat Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...