482 matches found
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection. This issue affects Solaris: from n/a through <= 2.5...
CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection. This issue affects Classter: from n/a through <= 2.5...
PT-2026-23358
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion. This issue affects Windsor: from n/a through <= 2.5.0...
WordPress plugin UberSlider Classic security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Windsor versions <= 2.5.0...
Microchip Time Provider 4100 security vulnerability
Microchip Time Provider 4100 is a precision time gateway developed by the American company Microchip. Versions prior to 2.5 of Microchip Time Provider 4100 contained security vulnerabilities. These vulnerabilities stemmed from the lack of integrity checks during code downloads, which could lead t...
WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Directory Pro versions <= 2.5.6...
CVE-2025-69370
Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection. This issue affects Capella: from n/a through <= 2.5.5...
CVE-2025-69407
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion. This issue affects Struktur: from n/a through <= 2.5.1...
SVXportal security vulnerability
SVXportal is a portal website developed by Peter as an individual developer. Versions of SVXportal 2.5 and earlier had security vulnerabilities. These vulnerabilities stemmed from insufficient encoding of user input fields during the registration process, which could lead to stored XSS attacks...
CVE-2026-25428
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery. This issue affects TS Poll: from n/a through <= 2.5.5...
Serendipity 2.5.0 PHP Code Injection
Serendipity version 2.5.0 proof of concept PHP code injection exploit. Title: Serendipity 2.5.0 PHP Code Injection Vulnerability. Author: indoushka ...
WordPress Link Hopper plugin <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Link Hopper versions <= 2.5...
PT-2026-8013
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2.5. Description: A sandbox escape allows for remote code execution (RCE) when the AI agent autonomously performs Git operations. A malicious actor can hide scripts within hidden Git hooks in nested bare repositories or us...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
CVE-2026-23896 immich API Key Privilege Escalation vulnerability
immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issu...
CVE-2025-69749
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code...