Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2026-43936

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 5:59 p.m.5 views

CVE-2026-33027 Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9CVSS5.8AI score0.00397EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/21 5:11 a.m.4 views

CVE-2026-27198

Formwork is a flat file-based Content Management System CMS. In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...

8.8CVSS5.6AI score0.00415EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20766

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through = 2.3.46...

5.5AI score0.00042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:58 p.m.9 views

CVE-2022-34013

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Logo parameter under the Link module...

4.3CVSS7.4AI score0.0054EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2025/04/28 12:0 a.m.56 views

glibc security update

2.34-125.0.1.8 - Forward-port Oracle patches for ol9-u5 glibc-2.34-125.0.1.8 Reviewed by: David Faust Oracle history:...

7.5CVSS7.5AI score0.00349EPSS
Exploits0
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.3 views

OneBlog 安全漏洞

OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...

6.1CVSS6AI score0.00375EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.5 views

SUSE CVE-2021-43396

In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor states "t...

7.5CVSS8.7AI score0.02943EPSS
Exploits1References3
Rows per page
Query Builder