CVE-2026-25400

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through = 24.1.0...

EUVD-2026-15713

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through = 24.1.0...

CVE-2026-25400 WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through = 24.1.0...

CVE-2026-25400

CVE-2026-25400 affects WordPress Theme Apicona (versions up to 24.1.0). The issue is a deserialization of untrusted data that enables object injection. CVSS v3.1: 8.8 (HIGH); vector CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Impact spans confidentiality, integrity, and availability. Root cause des...

CVE-2026-25400 WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through = 24.1.0...

WordPress plugin Apicona 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-27938

Name of the Vulnerable Software and Affected Versions Apicona versions n/a through 24.1.0 Description A flaw exists in Apicona related to the deserialization of untrusted data, which allows for object injection. This issue could potentially impact systems utilizing the affected software...

WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Apicona versions = 24.1.0...

Oracle APEX Sample Applications (Brookstrut) (CVE-2026-21931)

The remote host is affected by a vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App as referenced in the January 2026 Oracle Critical Patch Update CPU advisory. - Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX...

CVE-2026-21931

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

EUVD-2024-25939

Malicious code in bioql PyPI...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...

CVE-2024-4690

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVE-2024-4184

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVE-2024-4692

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText...

CVE-2024-4189

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVE-2024-4211

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation...

CVE-2024-4211

CVE-2024-4211 affects OpenText Application Automation Tools (v24.1.0 and below). Root cause: improper validation of input quantity coupled with multiple missing permission checks in ALM job configuration. Impact: users with Overall/Read permission could enumerate ALM server names, usernames and c...

CVE-2024-4184

OpenText Application Automation Tools plugin for Jenkins (versions 24.1.0 and earlier) is affected by CVE-2024-4184 due to improper restriction of XML external entity references, enabling DTD injection when parsing input files. Impact described as high in CVSS metrics; exploitation status is not ...

PT-2024-32271 · Opentext · Opentext Application Automation Tools

Name of the Vulnerable Software and Affected Versions: OpenText Application Automation Tools versions 24.1.0 and below Description: The issue is related to an Improper Restriction of XML External Entity Reference vulnerability, which allows DTD Injection in OpenText Application Automation Tools...