
610 matches found

Patchstack
added 3 days ago | 3 views

WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Audrey versions <= 1.5...

CVSS: 8.1 | AI score: 5.8
Exploits: 0 | Affected Software: 1
EUVD
added 2026/06/17 1:47 p.m. | 9 views

EUVD-2025-210246

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

CVSS: 9.8 | AI score: 5.2 | EPSS: 0.00313
Exploits: 0 | References: 1
NVD
added 2026/06/17 1:20 p.m. | 7 views

CVE-2026-40760

Unauthenticated PHP Object Injection in Behold <= 1.5 versions...

CVSS: 8.1 | EPSS: 0.0025
Exploits: 0 | References: 1
NVD
added 2026/06/17 1:20 p.m. | 10 views

CVE-2026-39549

Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...

CVSS: 8.1 | EPSS: 0.00423
Exploits: 0 | References: 1
NVD
added 2026/06/17 1:20 p.m. | 11 views

CVE-2026-39573

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions...

CVSS: 8.1 | EPSS: 0.00395
Exploits: 0 | References: 1
Cvelist
added 2026/06/17 12:47 p.m. | 18 views

CVE-2025-69170 WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions...

CVSS: 8.1 | EPSS: 0.00348
Exploits: 0 | References: 1
Cvelist
added 2026/06/17 9:50 a.m. | 26 views

CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions...

CVSS: 8.1 | EPSS: 0.00395
Exploits: 0 | References: 1
Cvelist
added 2026/06/16 8:57 p.m. | 18 views

CVE-2026-40760 WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold <= 1.5 versions...

CVSS: 8.1 | EPSS: 0.0025
Exploits: 0 | References: 1
EUVD
added 2026/06/16 10:18 a.m. | 8 views

EUVD-2026-37063

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.00472
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/16 12:0 a.m. | 14 views

PT-2026-50117

Unauthenticated PHP Object Injection in Behold <= 1.5 versions...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.0025
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 10 views

PT-2026-49654

Name of the Vulnerable Software and Affected Versions: NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1. Description: A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.00472
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/16 12:0 a.m. | 15 views

PT-2026-49653

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

CVSS: 6.9 | AI score: 5.3 | EPSS: 0.0031
Exploits: 0 | References: 3
EUVD
added 2026/06/12 1:50 p.m. | 8 views

EUVD-2026-36429

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

CVSS: 9.8 | AI score: 5.2 | EPSS: 0.00346
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:32 p.m. | 8 views

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00232
Exploits: 0 | References: 1
CVE
added 2026/05/29 2:46 p.m. | 29 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00334
Exploits: 0 | References: 4
EUVD
added 2026/05/17 12:12 p.m. | 9 views

EUVD-2018-21861

Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00145
Exploits: 0 | References: 3
Cvelist
added 2026/05/17 12:12 p.m. | 49 views

CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter

Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

CVSS: 5.4 | EPSS: 0.00145
Exploits: 0 | References: 3
EUVD
added 2026/05/17 12:11 p.m. | 13 views

EUVD-2018-21858

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00267
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/17 12:11 p.m. | 8 views

CVE-2018-25338

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00267
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/05/17 12:0 a.m. | 12 views

Bylancer Zechat SQL injection vulnerability

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from SQL injections in the hashtag parameter,...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00267
Exploits: 0 | References: 1