CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

Astra Linux - уязвимость в python3.11, python3.7

User-controlled header names and values containing newlines can allow for the injection of HTTP headers...

CVE-2026-31845

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

PT-2026-32121

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zd echo' GET parameter into the HTTP response without proper...

Percona PMM 安全漏洞

Percona PMM is a database monitoring and performance analysis platform developed by Percona, Inc. Versions of Percona PMM prior to version 3.7 contained security vulnerabilities. These vulnerabilities stemmed from internal database users retaining superuser privileges, which could allow attackers...

CVE-2026-22473

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

EUVD-2026-9611

Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through = 3.7...

CVE-2026-27338

Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through = 3.7...

CVE-2026-22473

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

PT-2026-23232

Name of the Vulnerable Software and Affected Versions AivahThemes Car Zone versions through 3.7 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...

PT-2026-23205

Name of the Vulnerable Software and Affected Versions Dental Clinic versions through 3.7 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. Recommendations Versions prior to and including 3.7 should be updated...

WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dental Clinic versions = 3.7...

WordPress Car Zone theme <= 3.7 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Car Zone versions = 3.7...

CVE-2026-1614

The CVE-2026-1614 entry concerns Rise Blocks – A Complete Gutenberg Page Builder (WordPress). It describes a Stored Cross-Site Scripting (Stored XSS) vulnerability in the Site Identity block attribute logoTag, exploitable by authenticated attackers with Contributor-level access and above. Affecte...

WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability

WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin = 3.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Rise Blocks versions = 3.7...

CVE-2026-3026 erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

PT-2026-21226

Name of the Vulnerable Software and Affected Versions Applay - Shortcodes versions through 3.7 Description A flaw exists in the Applay - Shortcodes application that allows for object injection due to deserialization of untrusted data. This issue impacts the application's functionality related to...

CVE-2023-25030

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7...

WordPress WordPress Auction plugin <= 3.7 - Editor+ SQL Injection vulnerability

Editor+ SQL Injection vulnerability discovered by Thanh Kieu in WordPress Plugin WordPress Auction Plugin versions = 3.7...