Lucene search
K

3658 matches found

EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43286

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

6.2AI score
Exploits0References2
CVE
CVE
added 4 hours ago3 views

CVE-2026-59521

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago8 views

CVE-2026-57713

Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...

8.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago30 views

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

10CVSS7.3AI score0.28931EPSS
Exploits3References4
Nuclei
Nuclei
added 8 hours ago19 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago153 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS7.1AI score0.74283EPSS
Exploits11References7
Nuclei
Nuclei
added 8 hours ago118 views

My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

9.8CVSS7.2AI score0.0307EPSS
Exploits0References4
CVE
CVE
added 3 days ago17 views

CVE-2026-13244

CVE-2026-13244 concerns the Drupal module for Tealium iQ Tag Management. The vulnerability arises from Improperly Controlled Modification of Dynamically-Determined Object Attributes in the module, allowing PHP object injection via data stored as serialized strings in the tealiumiq field. Affected...

6.1AI score0.00417EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-55810

CVE-2026-55810 affects the Drupal Plotly.js Graphing module, where the PHP-serialized data stored in plotly_js_graph fields can be unserialized, enabling PHP object injection. Affected versions are Plotly.js Graphing in Drupal from 0.0.0 to 3.0.2. Root cause is Improperly Controlled Modification ...

6.1AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-12535

The CVE-2026-12535 entry concerns Drupal’s Formatter Field module, affected versions 0.0.0–2.0.0. The vulnerability arises from PHP-serialized data stored in the formatter_field field, which can be written maliciously and later unserialized, enabling Object Injection. Exploitation requires the at...

6.1AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-57368

Name of the Vulnerable Software and Affected Versions ps facetedsearch versions 3.0.0 through 4.0.3 Description A PHP Object Injection issue exists in the ps facetedsearch module. The module rebuilds search filters from the request URL, but the values for slider filters, specifically price or...

10CVSS6.6AI score0.00092EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56959

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56948

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Aqua aqua allows PHP Local File Inclusion.This issue affects Aqua: from n/a through = 5.1.2...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56940

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...

5.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56956

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56938

Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...

5.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56958

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through = 1.5...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56963

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through = 2.5...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56943

Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through = 1.25.10...

5.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56962

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS6.1AI score
Exploits0References3
Rows per page
Query Builder