45 matches found
WordPress WP Mail Gateway plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Mail Gateway versions <= 1.8...
CVE-2026-7700
Langflow-ai Langflow up to v1.8.4 is affected by a code injection in the LambdaFilterComponent’s eval function (src/lfx/src/lfx/components/llm_operations/lambda_filter.p). The underlying issue is unsafe evaluation of input, enabling remote exploitation. The CVE indicates the attack can be perform...
CVE-2018-25263
Faleemi Desktop Software 1.8.2 contains a local buffer overflow in the Device alias field of the Managing Log interface that allows an attacker with local access to trigger a structured exception handler (SEH) overwrite and execute arbitrary code (PoC shows calculator). The vulnerability is trigg...
CVE-2026-33020
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...
PT-2026-31565
Name of the Vulnerable Software and Affected Versions: Agions taskflow-ai versions through 2.1.8. Description: A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...
CVE-2026-32330
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37...
WordPress Edifice theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Edifice versions <= 1.8...
PT-2026-21148
Name of the Vulnerable Software and Affected Versions: TeconceTheme Emerce Core versions through 1.8. Description: A flaw exists in TeconceTheme Emerce Core that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue affects the emerce-core...
CVE-2025-9082
The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. This makes it possible for authenticat...
CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
PT-2025-53915
Name of the Vulnerable Software and Affected Versions: Mikado-Themes Lekker versions through 1.8. Description: A flaw exists in Mikado-Themes Lekker that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...
Dire Wolf security vulnerability
Dire Wolf is a software radio modem from the individual developers at wb2osz. A security vulnerability exists in Dire Wolf 1.8 and earlier versions, which stems from a stack buffer overflow in the kissrecbyte function, which could result in stack memory corruption or an application crash...
CVE-2025-58948
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion. This issue affects Aromatica: from n/a through <= 1.8...
CVE-2025-58928
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion. This issue affects Heart: from n/a through <= 1.8...
CVE-2025-14245
IdeaCMS up to version 1.8 contains a SQL injection vulnerability in the whereRaw usage of Coupon.php (app/common/logic/index/Coupon.php). The root cause is improper manipulation of the params argument, enabling remote attacker input to influence SQL queries. Multiple security feeds (NVD, Red Hat,...
WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions <= 1.8...
WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Heart versions <= 1.8...
CVE-2025-49436
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion. This issue affects Anotte: from n/a through <= 1.8...
CVE-2025-49057
CVE-2025-49057: Reflected XSS in WordPress plugin WP Voting (versions n/a through 1.8). The vulnerability arises from improper input neutralization during web page generation, enabling cross-site scripting. Affected software: WP Voting
CVE-2025-8736
A flaw was found in cflow. The yylex function in c.c exhibits a buffer overflow vulnerability, triggered by manipulation of input data. A local attacker could exploit this issue to cause an application level denial of service. This vulnerability stems from insufficient bounds checking during...