EUVD-2026-37703

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

EUVD-2025-210244

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

CVE-2025-60230 WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

EUVD-2025-210243

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

CVE-2025-60229 WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

CVE-2026-49268 Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...

WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JetBooking versions = 4.0.4.1...

EUVD-2026-37697

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

CVE-2026-40757 WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

EUVD-2026-37698

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

EUVD-2026-37695

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

CVE-2026-40756 WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

EUVD-2026-37696

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

CVE-2026-40752 WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

CVE-2026-40738 WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

EUVD-2026-37694

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

EUVD-2026-37693

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

CVE-2026-40733 WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...