1815 matches found
CVE-2026-42382
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
CVE-2026-42382
CVE-2026-42382 concerns WordPress Audrey theme versions <= 1.5 with an Unauthenticated Local File Inclusion (LFI) vulnerability. The connected patches and CVE records identify the affected product (Audrey theme
WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Audrey versions = 1.5...
CVE-2026-39576
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
EUVD-2025-210246
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...
CVE-2026-40760
Unauthenticated PHP Object Injection in Behold = 1.5 versions...
CVE-2026-39549
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
CVE-2026-39573
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2025-69170 WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
CVE-2026-39573
CVE-2026-39573 : Unauthenticated PHP Object Injection in WordPress Mildhill theme <= 1.5. Affected component: Mildhill theme (WordPress). Root cause: PHP Object Injection vulnerability. Impact: high across confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/...
CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2026-40760 WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Behold = 1.5 versions...
EUVD-2026-37063
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...
PT-2026-49654
Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...
PT-2026-50117
Unauthenticated PHP Object Injection in Behold = 1.5 versions...
PT-2026-49653
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...
EUVD-2026-36429
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...
CVE-2026-6853
CVE-2026-6853 describes an authentication bypass in Başbelen Group Pause+ Mobile App caused by improper restriction of excessive authentication attempts. Affected versions are Pause+ Mobile App prior to 1.5 (v1.0.6 up to, but not including, 1.5). The CVSS 3.1 base score is 9.8 (CRITICAL), with NE...
PT-2026-48885
Name of the Vulnerable Software and Affected Versions Pause+ Mobile App versions 1.0.6 through 1.4.x Description Improper restriction of excessive authentication attempts allows for authentication bypass. Recommendations Update to version 1.5...
Use of RSA Algorithm without OAEP
Overview Affected versions of this package are vulnerable to Use of RSA Algorithm without OAEP via the Wss4jSecurityInterceptor class, in the Wss4jSecurityInterceptor.java file due to defaulting allowRSA15KeyTransportAlgorithm to true when building the validation RequestData. This overrides Apach...