CVE-2026-40757
Unauthenticated PHP Object Injection in Château = 1.2.1 versions...
CVE-2026-40733
Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...
CVE-2026-40738
Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...
CVE-2026-40756
Unauthenticated PHP Object Injection in Zoya = 1.4 versions...
CVE-2026-39576
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
CVE-2026-39560
Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...
CVE-2026-39556
Unauthenticated PHP Object Injection in Konsept = 1.9 versions...
CVE-2026-39442
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
CVE-2026-39445
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
CVE-2025-69130
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...
CVE-2025-69127
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
CVE-2025-69111
Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...
CVE-2025-60231
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...
CVE-2025-60230
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...
CVE-2025-60236
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...
CVE-2025-60229
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...
CVE-2025-59554
Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...
UBUNTU-CVE-2026-49268
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in the DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...
CVE-2026-55743
OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...
WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions <= 9.1.13.005...