457475 matches found
CVE-2026-39577
Unauthenticated PHP Object Injection in Playroom = 1.4.1 versions...
CVE-2026-39554
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
CVE-2026-39567
Unauthenticated PHP Object Injection in Santé = 1.5.1 versions...
CVE-2026-39573
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2026-39545
Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...
CVE-2026-39539
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
CVE-2026-39443
Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...
CVE-2026-39446
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
CVE-2026-39529
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
CVE-2026-39438
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-28576
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-27429
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
CVE-2026-27870
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...
CVE-2026-25470
Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...
CVE-2026-22332
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
CVE-2026-22335
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...
CVE-2026-22340
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
CVE-2026-12463
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-12360
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...
CVE-2026-12256
Contributor PHP Object Injection in Avada = 3.15.3 versions...