GHSA-R7C9-7PJQ-HMM8 Postorius is vulnerable to XSS

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

Postorius is vulnerable to XSS

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

PT-2026-38553

Name of the Vulnerable Software and Affected Versions Postorius versions prior to 1.3.14 Description The software fails to escape HTML in the message subject when rendering it within the Held messages pop-up. This issue was exploited in the wild in May 2026. Recommendations Update to a version...

Linux Distros Unpatched Vulnerability : CVE-2026-44742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

EUVD-2026-15497

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through = 1.3.13...

CVE-2026-22494

CVE-2026-22494 is a Local File Inclusion in ThemeREX Good Homes (WordPress theme)

PT-2026-27817

Name of the Vulnerable Software and Affected Versions ThemeREX Good Homes versions n/a through 1.3.13 Description The software contains a flaw due to improper control of filename handling for include/require statements in PHP. This allows for PHP Local File Inclusion. The affected component is th...

WordPress plugin Good Homes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Good Homes versions = 1.3.13...

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

Pironman Dashboard 安全漏洞

Pironman Dashboard is a console interface open-sourced by SunFounder. Versions of Pironman Dashboard prior to 1.3.13 have security vulnerabilities; these vulnerabilities stem from path traversal in the log file API endpoints, which could lead to arbitrary file reading and deletion...

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVE-2026-25069 SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVE-2025-60057 WordPress DJ Rainflow theme <= 1.3.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DJ Rainflow dj-rainflow allows PHP Local File Inclusion.This issue affects DJ Rainflow: from n/a through = 1.3.13...

PT-2025-52118

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DJ Rainflow dj-rainflow allows PHP Local File Inclusion.This issue affects DJ Rainflow: from n/a through = 1.3.13...

CVE-2025-61181

daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...

CVE-2025-61194

daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php...