Export limit exceeded: 360139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360139 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34023 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch. | ||||
| CVE-2026-34024 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches. | ||||
| CVE-2026-34025 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location. | ||||
| CVE-2026-34026 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries. | ||||
| CVE-2026-34027 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content. | ||||
| CVE-2026-34028 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/. | ||||
| CVE-2026-34029 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files. | ||||
| CVE-2026-34030 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions. | ||||
| CVE-2026-12057 | 2 Foxit, Foxitsoftware | 2 Ai, Foxit Ai | 2026-06-23 | 8.6 High |
| When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution. | ||||
| CVE-2016-20071 | 2 404-redirection-manager, Wordpress | 2 404 Redirection Manager, Wordpress | 2026-06-23 | 8.2 High |
| The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database. | ||||
| CVE-2016-20072 | 2 Bbsetheme, Wordpress | 2 Bbs E-franchise, Wordpress | 2026-06-23 | 8.2 High |
| BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms. | ||||
| CVE-2016-20073 | 2 Mattkaye, Wordpress | 2 Answer My Question, Wordpress | 2026-06-23 | 8.2 High |
| Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data. | ||||
| CVE-2016-20074 | 2 Leethompson, Wordpress | 2 Lazy Content Slider Plugin, Wordpress | 2026-06-23 | 4.3 Medium |
| WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count. | ||||
| CVE-2016-20076 | 2 Chrishurst, Wordpress | 2 Simple Backup, Wordpress | 2026-06-23 | 7.5 High |
| WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters in tools.php. Attackers can exploit insufficient input validation using directory traversal techniques to access wp-config.php, database dumps, and other sensitive files, or delete critical files .htaccess to expose backup directories. | ||||
| CVE-2016-20077 | 2 Kaymeephotography, Wordpress | 2 Photocart Link, Wordpress | 2026-06-23 | 6.2 Medium |
| WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data. | ||||
| CVE-2016-20078 | 2 Henrique Dias, Wordpress | 2 Imdb Profile Widget, Wordpress | 2026-06-23 | 6.2 Medium |
| WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data. | ||||
| CVE-2016-20079 | 2 Jamie, Wordpress | 2 Dharma Booking, Wordpress | 2026-06-23 | 6.2 Medium |
| WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files. | ||||
| CVE-2016-20080 | 2 Brandfolder, Wordpress | 2 Brandfolder, Wordpress | 2026-06-23 | 6.2 Medium |
| WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code. | ||||
| CVE-2016-20081 | 2 Husain, Wordpress | 2 Hb Audio Gallery Lite, Wordpress | 2026-06-23 | 7.5 High |
| WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory. | ||||
| CVE-2016-20082 | 2 Abtest, Wordpress | 2 Abtest, Wordpress | 2026-06-23 | 6.2 Medium |
| WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code. | ||||