1475 matches found
EUVD-2025-210258
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
CVE-2025-69165
Unauthenticated Local File Inclusion in Choreo = 1.6 versions...
EUVD-2025-210241
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
CVE-2025-69165 WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Choreo = 1.6 versions...
CVE-2026-39550
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...
EUVD-2026-33911
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...
CVE-2026-39550
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...
PT-2026-45731
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...
Exploit for Improper Privilege Management in Apache Couchdb
Lab7-CVE-2017-12635-12636 I. SYSTEM ANALYSIS Ide...
WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Etude versions = 1.6...
SUSE CVE-2026-48847
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plumbing versions = 1.6...
CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
UBUNTU-CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
CVE-2026-48849
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...
CVE-2026-48849
CVE-2026-48849 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Affected component: draft restoration path where the draft’s subject field is unsanitized, enabling stored XSS/HTML/CSS injection on shared mailboxes. The issue arises from improper sanitization in the draft ...
EUVD-2026-31724
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
CVE-2026-48844
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...