Lucene search
K

997 matches found

Cvelist
Cvelist
added 2026/02/20 3:47 p.m.28 views

CVE-2026-22364 WordPress SevenTrees theme <=1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...

8.1CVSS0.00403EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:47 p.m.4 views

CVE-2026-22361

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through = 1.0.2...

5.5AI score0.00512EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

WordPress plugin SevenTrees 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin Redy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21207

Name of the Vulnerable Software and Affected Versions axiomthemes SevenTrees versions through 1.0.2 Description The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files within t...

8.1CVSS5.4AI score0.00403EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21204

Name of the Vulnerable Software and Affected Versions axiomthemes A-Mart versions through 1.0.2 Description A flaw exists in axiomthemes A-Mart that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue could allow an attacker to includ...

5.4AI score0.00512EPSS
Exploits0References4
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2026-2282

The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.35 views

CVE-2025-14167 Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR || instead of AND &&, causing the validation to fail when the nonce field is not empty OR when...

4.3CVSS0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Remove Post Type Slug 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20639

Name of the Vulnerable Software and Affected Versions Slidorion versions up to and including 1.0.2 Description The Slidorion plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers...

4.4CVSS5.3AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-21300

Name of the Vulnerable Software and Affected Versions @langchain/langgraph-checkpoint-redis versions prior to 1.0.2 Description A query injection issue exists in the RedisSaver and ShallowRedisSaver classes of the @langchain/langgraph-checkpoint-redis package. These classes build RediSearch queri...

6.5CVSS5.8AI score0.03722EPSS
Exploits0References16
OSV
OSV
added 2026/02/17 6:55 p.m.4 views

GHSA-PPFX-73J5-FHXC Skill-scanner Unsecured Network Binding Vulnerability

Description: A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of service DoS condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...

6.5CVSS6.1AI score0.00328EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/17 6:55 p.m.4 views

Server-side Request Forgery (SSRF)

Overview cisco-ai-skill-scanner is a Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to its APIs binding to 0.0.0.0. If the API server is enabled, ...

9.1CVSS5.6AI score0.00328EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/17 8:9 a.m.9 views

WordPress Redy theme <= 1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Redy versions = 1.0.2...

8.1CVSS5.5AI score0.00403EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/02/14 6:42 a.m.24 views

CVE-2026-1905

CVE-2026-1905 : WordFence and Patchstack document a stored cross-site scripting vulnerability in the WordPress Sphere Manager plugin. The issue arises from insufficient input sanitization and output escaping in the width attribute of the show_sphere_image shortcode, affecting versions up to and i...

6.4CVSS5.7AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/14 5:54 a.m.31 views

CVE-2026-1932 Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification

The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.7 views

PT-2026-8045

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

5.3CVSS5.4AI score0.00255EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/12 7:33 a.m.7 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.13 views

PT-2026-7484

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn label' parameter in the 'orbisius random name generator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/10 10:58 p.m.7 views

WordPress Orbisius Random Name Generator plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'btnlabel' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Orbisius Random Name Generator versions = 1.0.2...

6.4CVSS5.4AI score0.00227EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder