Lucene search
K

5407 matches found

Nuclei
Nuclei
added 11 hours ago18 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

9.8CVSS7.2AI score0.06757EPSS
Exploits1References2
NVD
NVD
added 12 hours ago5 views

CVE-2026-12583

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS
Exploits0References1
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-43627

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

8.1CVSS6.4AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-59521

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS0.00539EPSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-59518

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57770

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57738

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57744

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57713

Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...

8.8CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57371

Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...

8.8CVSS0.00518EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57744

The CVE-2026-57744 entry describes a PHP Object Injection vulnerability in the WordPress plugin RT-Theme 18 Extensions, affected versions up to and including 2.5. The root cause is Deserialization of Untrusted Data, enabling object injection. Impact is rated high (CVSS 3.1: 9.8, Confidentiality/I...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-59518

CVE-2026-59518 affects the WordPress Directorist plugin (Directorist) versions up to 8.8.2. It is a PHP object-injection vulnerability caused by deserialization of untrusted data, with CVSS v3.1 base score 9.8 (Network, Low attack complexity, No privileges, No user interaction; Confidentiality/In...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-59518 WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday26 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-57770 WordPress Grand Photography theme <= 5.7.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...

9.8CVSS0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-59521 WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS0.00539EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-57738 WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57738

CVE-2026-57738 affects WordPress Theme 777 (axiomthemes) up to version 1.13.0. The issue is a PHP object‑injection via deserialization of untrusted data in the 777 plugin/theme, enabling arbitrary object injection with high impact (CVSS 3.1: 9.8, Network attack, no user interaction). Connected so...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57371

The CVE-2026-57371 entry describes a Deserialization of Untrusted Data vulnerability in the WordPress WPJAM Basic plugin (wpjam-basic), affecting versions up to 7.0. The underlying issue is object injection via deserialization, enabling an attacker to potentially execute unintended actions throug...

8.8CVSS6.1AI score0.00518EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-57371 WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...

8.8CVSS0.00518EPSS
Exploits0References1
Rows per page
Query Builder