CVE-2026-27043

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6...

CVE-2026-27043

CVE-2026-27043 affects the WordPress Photography theme (ThemeGoods Photography). The vulnerability is described as an authenticated (Editor+) Arbitrary File Upload vulnerability that arises in Photography versions up to 7.7.5, with public notes indicating exposure risk and path traversal implicat...

CVE-2026-27043 WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6...

PT-2026-26294

CVE-2026-27043 Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a through 7.7.5. https://t.co/2aaKvB4qZZ...

WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Photography versions 7.7.6...

CVE-2025-68510

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through 7.7.5...

CVE-2025-68510

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through 7.7.5...

WordPress plugin “Photography” security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

biz.grundner.vaadin-in-spring:spring-vaadin (=1.0), cn.jhc:umeditor-vaadin-js (=0.0.1) +141 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-server (>=7.0.0 <=7.7.5)

com.vaadin:vaadin-server MAVEN version =7.0.0, =0.5, =1.1, =1.0, =1.3, =5.0.0, =5.0.0, =5.0.0, =5.2.4 and more Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...

WordPress plugin LifterLMS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

WordPress LifterLMS Plugin <= 7.7.5 is vulnerable to SQL Injection

Software LifterLMS Type Plugin Vulnerable versions = 7.7.5 Fixed in 7.7.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7349 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 171b245559b0 Credits FKSEC Required privilege Administrator Published 6...

WordPress The Post Grid Plugin <= 7.7.4 is vulnerable to Broken Access Control

Software The Post Grid Type Plugin Vulnerable versions = 7.7.4 Fixed in 7.7.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37482 Patch priority Low CVSS severity Low 4.3 Developer Mamunur Rashid PSID cde94030335f Credits Rafie Muhammad Patchstack Requir...

CVE-2021-42643

cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...

CVE-2018-13401

CVE-2018-13401 affects Atlassian Jira. The vulnerability is an open-redirect issue in the XsrfErrorAction resource that lets remote attackers obtain a user’s CSRF token. Affected Jira versions are: before 7.6.9; 7.7.0–before 7.7.5; 7.8.0–before 7.8.5; 7.9.0–before 7.9.3; 7.10.0–before 7.10.3; 7.1...

Cross site scripting

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML ...

Apple Releases QuickTime 7.7.5

Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary...

jNews com_jnews 7.0.0 => 7.7.5 execute arbitrary PHP code

The vulnerability affects all variations of jNews, including the premium ones this is where the 7.7.5 comes in, not just the free version. The dork "inurl:comjnews" currently produces "About 37,100 results". The exploit will create a file on the targeted website and enable you to execute arbitrar...

Fedora 16 : condor-7.7.5-0.2.fc16 (2012-3341)

Update to latest development release 7.7.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...