4136 matches found
WordPress Image Hover Ultimate - Unauthenticated Settings Update
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin. id: CVE-2021-36888 info: name: WordPress Image Hover Ultimate - Unauthenticated Settings Update author: riteshs4hu severity:...
KevinLAB BEMS 1.0 - SQL Injection
KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through inputid POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and...
PHPGurukul Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information. id: CVE-2020-22165 info: name: PHPGurukul Hospital Management System 4.0 - SQL Injection...
Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Skitter Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. id: CVE-2025-28906 info: name: Skitter Slideshow = 2.5.2 - Authenticated Administrator+ Stored Cross-Site...
Sunflower Simple and Personal 1.0.1.43315 - Remote Code Execution
Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...
ZenML ZenML Server - Improper Authentication
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...
LG LED Assistant - Unauthenticated Password Reset
The /api/changePw endpoint in LG LED Assistant allows unauthenticated password resets when requests are considered to come from localhost. An attacker can spoof the X-Forwarded-For header with value 127.0.0.1 to trigger the behavior and receive a success response. id: CVE-2024-2862 info: name: LG...
Apache Unomi - Remote Code Execution
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process, enabling attackers to execute arbitrary code. id: CVE-2020-11975 info: name: Apache Unomi -...
APsystems ECU-R Firmware - Command Injection
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. id: CVE-2022-45699 info: name: APsystems ECU-R Firmware - Command Injection author: pussycat0x severity:...
Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass
IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...
IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection
IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...
FOSSBilling - Server-Side Template Injection
A Server-Side Template Injection SSTI vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint can inject arbitrary Twig...
SmarterMail - Remote Code Execution
SmarterTools SmarterMail build 9511 contains an unauthenticated remote code execution caused by malicious OS command execution via ConnectToHub API method, letting remote attackers execute arbitrary commands, exploit requires no authentication. id: CVE-2026-24423 info: name: SmarterMail - Remote...
Simply Static - Information Disclosure
Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information, exploit requires no specific privileges. id: CVE-2024-32825 info:...
Heimdall - Host Header Injection & Open Redirect
LinuxServer.io Heimdall 2.6.3-ls307 contains a host header injection caused by improper validation of user-supplied HTTP headers X-Forwarded-Host and Referer, letting unauthenticated remote attackers perform host header injection and open redirect attacks, exploit requires no special privileges...
Landray EIS SQL注入漏洞
Landray EIS 2001 through 2006 contains a SQL injection caused by unsanitized input in Message/fimessagereceiver.aspx?replyid=, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2025-22214 info: name: Landray EIS SQL注入漏洞 author: Ark severity: critical...
WordPress Download Manager <= 3.2.59 - Reflected XSS
W3 Eden, Inc. Download Manager plugin = 3.2.59 contains a reflected cross-site scripting caused by insufficient input sanitization, letting attackers execute scripts in the context of the victim's browser, exploit requires attacker to craft a malicious link. id: CVE-2022-45836 info: name: WordPre...
TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass
Hard-Coded Cryptographic key allowing to forge session cookies that can be used to entirely bypass authentication id: CVE-2025-27223 info: name: TRUfusion Enterprise = 7.10.4.0 - Authentication Bypass author: DhiyaneshDK,rcesecurity severity: critical description: | Hard-Coded Cryptographic key...
Fanwei e-cology - SQL Injection
Fanwei e-cology 8.0 contains a sql injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data. id: CVE-2025-34038 info: name: Fanwei e-cology - SQL Injection author: ritikchaddha severit...
Vite - Information Disclosure
Vite is a frontend tooling framework for JavaScript.In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended wi...
CMP WordPress < 4.0.19 - Broken Access Control
CMP WordPress plugin 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout, exploit requires no authentication. id: CVE-2022-0188 info: name: CMP WordPress 4.0.19 - Broken Access Contr...
Parse Server - GraphQL Schema Information Disclosure
The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. id: CVE-2025-53364 info: name...
WPS Hide Login <= 1.5.2.2 - Login Page Bypass
WPS-Hide-Login plugin before 1.5.3 for WordPress contains an action=confirmaction protection bypass, letting attackers bypass security checks, exploit requires sending crafted requests. id: CVE-2019-15823 info: name: WPS Hide Login = 1.5.2.2 - Login Page Bypass author: pussycat0x severity: high...
ESPHome - Authentication Bypass
ESPHome 2025.8.0 contains an authentication bypass caused by improper validation of base64-encoded Authorization values in the webserver component, letting attackers access functionality without valid credentials, exploit requires crafted Authorization header. id: CVE-2025-57808 info: name: ESPHo...
Simple Certain Time to Show Content - Cross-Site Scripting
Simple Certain Time to Show Content WordPress plugin 1.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users such as admin, explo...
Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting
Fantastic ElasticSearch WordPress plugin = 4.1.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a malicious link. id: CVE-2024-13221 info: name:...
WordPress Front End Users - Reflected XSS
WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
AffiliateImporterEb <= 1.0.6 - Reflected XSS
AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...
Blinko < 1.8.4 - Path Traversal
Blinko 1.8.4 contains a path traversal vulnerability caused by lack of permission checks and filtering on the temp/ path in the file server endpoint, letting unauthorized attackers read arbitrary files including backup files with user notes and tokens, exploit requires no special privileges. id:...
Arcane <= 1.17.2 - Server-Side Request Forgery
Arcane = 1.17.3 contains an unauthenticated server-side request forgery caused by lack of URL scheme and host validation in /api/templates/fetch endpoint, letting remote attackers perform SSRF, exploit requires no authentication. id: CVE-2026-40242 info: name: Arcane = 1.17.2 - Server-Side Reques...
mcp-atlassian < 0.17.0 - Server-Side Request Forgery
MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...
User Registration & Membership WordPress plugin - Open Redirect
User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...
WordPress GamiPress <= 2.5.7 - SQL Injection
The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv$fieldid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
XWiki - Information Disclosure
XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...
Service Finder Bookings - Authentication Bypass
Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...
BMC FootPrints - Authentication Bypass
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SECTOKEN session cookie without proper...
Accept Donations with PayPal <= 1.5.2 - Open Redirect
The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.2. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially...
WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection
The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
Advantech WISE-IoTSuite/SaaS - SQL Injection
Advantech WISE-IoTSuite/SaaS Composer suffers from an unauthenticated SQL Injection vulnerability due to the unsafe use of the filename parameter within the URL path in PostgreSQL queries. Remote attackers can exploit this flaw by injecting SQL code such as the use of pgsleep for time delays to...
WhoDB < 0.45.0 - Path Traversal
WhoDB contains a path traversal caused by lack of validation when opening database files, letting unauthenticated attackers access arbitrary Sqlite3 databases on the host system, exploit requires attacker to manipulate database filename input. id: CVE-2025-24786 info: name: WhoDB 0.45.0 - Path...
TOTOLINK/Realtek Routers - Information Disclosure
A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...
FOGProject <= 1.5.10.1673 - Authentication Bypass
FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database informatio...
WordPress BackWPup < 4.0.4 - Backup File Disclosure
BackWPup WordPress plugin 4.0.4 contains a directory listing vulnerability caused by lack of access restrictions in its temporary backup folder, letting unauthenticated attackers download site backups, exploit requires no authentication. id: CVE-2023-7164 info: name: WordPress BackWPup 4.0.4 -...
Gnuboard 5 - Cross-Site Scripting
Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter. id: CVE-2021-3831 info: name: Gnuboard 5 - Cross-Site Scripting author: arafatansari severity: medium description: | Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter...
Alumni Management System 1.0 - SQL Injection
SourceCodester Alumni Management System 1.0 contains a sqlinjection caused by unsanitized input in admin/login.php, letting attackers bypass authentication, exploit requires injection of malicious SQL payload. id: CVE-2020-29214 info: name: Alumni Management System 1.0 - SQL Injection author:...
ThemeGrill Demo Importer < 1.6.2 - Database Reset
ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...
WordPress Qubely < 1.8.6 - Unauthenticated Email Sending
Qubely WordPress plugin 1.8.6 contains an insecure deserialization caused by unauthenticated users being able to send arbitrary emails via the qubelysendformdata AJAX action, letting attackers send spam or malicious emails, exploit requires no authentication. id: CVE-2021-24916 info: name:...
LearnPress < 4.3.7 - Information Disclosure
LearnPress WordPress plugin 4.3.7 contains an information disclosure vulnerability caused by missing capability checks on a REST endpoint, letting unauthenticated visitors retrieve sensitive user role and capability data via crafted requests. id: CVE-2026-8383 info: name: LearnPress 4.3.7 -...