Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery

Onair2 3.9.9.2 and KenthaRadio 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. id: CVE-2021-24472 info...

CVE-2026-25442

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through = 4.7.2...

EUVD-2026-13079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha allows Reflected XSS.This issue affects Kentha: from n/a through 4.7.2...

CVE-2026-25442

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through = 4.7.2...

CVE-2026-25442

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha allows Reflected XSS.This issue affects Kentha: from n/a through 4.7.2...

PT-2026-26274

CVE-2026-25442 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha allows Reflected XSS.This issue affects Kent… https://t.co/axHDzJndSj...

CVE-2025-69003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through = 2.2.0...

CVE-2025-69003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through = 2.2.0...

CVE-2025-69003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through = 2.2.0...

PT-2026-4120

Name of the Vulnerable Software and Affected Versions QantumThemes KenthaRadio versions through 2.2.0 Description A flaw exists in QantumThemes KenthaRadio that allows for Reflected Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...

PT-2026-4273

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...

CVE-2025-22712

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through = 3.0.2...

CVE-2025-22712

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through = 3.0.2...

PT-2026-1787

Name of the Vulnerable Software and Affected Versions QantumThemes Typify versions through 3.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. The vulnerability exists in QantumThemes...