Lucene search

568 matches found

NVD
added 2026/03/05 6:16 a.m. | Views: 1

CVE-2026-22478

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion. This issue affects FindAll: from n/a through <= 1.4...

CVSS 8.1 | EPSS 0.00172
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/05 5:53 a.m. | Views: 0

CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection. This issue affects Handyman: from n/a through <= 1.4.7...

CVSS 9.8 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 1
CVE
added 2026/03/05 5:53 a.m. | Views: 6

CVE-2026-22416

CVE-2026-22416 is a Local File Inclusion vulnerability in the WordPress FixTeam theme (AncoraThemes FixTeam). The advisory states improper control of filename for include/require in PHP, effectively a PHP Remote File Inclusion condition that leads to LFI. Affected versions are FixTeam up to 1.5.0...

CVSS 8.1 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/05 12:0 a.m. | Views: 1

PT-2026-23193

Name of the Vulnerable Software and Affected Versions: AncoraThemes Handyman versions through 1.4. Description: The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This impacts the handyman-services component. Recommendations: At the moment, there...

AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 3
Patchstack
added 2026/03/04 7:48 a.m. | Views: 1

WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FindAll versions <= 1.4...

CVSS 8.1 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/03 12:19 p.m. | Views: 1

WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Handyman versions <= 1.4.7...

CVSS 9.8 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | Affected Software: 1
Cvelist
added 2026/02/26 12:11 a.m. | Views: 16

CVE-2026-27831 rldns Vulnerable to Heap-based Out-of-Bounds Read

rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...

CVSS 7.5 | EPSS 0.00062
Exploits: 1 | References: 4
Cvelist
added 2026/02/20 3:46 p.m. | Views: 18

CVE-2025-69306 WordPress Electio Core plugin <= 1.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection. This issue affects Electio Core: from n/a through <= 1.4...

CVSS 9.3 | EPSS 0.00045
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/11 1:16 p.m. | Views: 3

CVE-2026-25957

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

CVSS 6.5 | AI score 5.5 | EPSS 0.0002
Exploits: 0 | References: 1
CNNVD
added 2026/02/06 12:0 a.m. | Views: 2

Globitek CMS SQL Injection Vulnerability

Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.4 of Globitek CMS has a SQL injection vulnerability. This vulnerability stems from an SQL injection in the id GET parameter, which may allow attackers to extract or modify database information...

CVSS 7.1 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3
NVD
added 2026/02/04 9:15 p.m. | Views: 3

CVE-2026-0945

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation. This issue affects Role Delegation: from 1.3.0 before 1.5.0...

CVSS 8.8 | EPSS 0.00016
Exploits: 0 | References: 1
Patchstack
added 2026/01/28 7:23 a.m. | Views: 2

WordPress Electio Core plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Electio Core versions <= 1.4...

CVSS 9.3 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/01/24 3:18 p.m. | Views: 2

CVE-2026-24631

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rosebud: from n/a through <= 1.4...

CVSS 5.4 | AI score 5.4 | EPSS 0.00069
Exploits: 0 | References: 1
NVD
added 2026/01/24 9:15 a.m. | Views: 3

CVE-2025-14907

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

CVSS 4.3 | EPSS 0.0005
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/23 12:0 a.m. | Views: 3

PT-2026-4461

Name of the Vulnerable Software and Affected Versions: Mikado-Themes Rosebud versions through 1.4. Description: An authorization bypass exists in Mikado-Themes Rosebud due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. Recommendation...

CVSS 5.4 | AI score 5.3 | EPSS 0.00069
Exploits: 0 | References: 4
CVE
added 2026/01/22 3:21 a.m. | Views: 11

CVE-2026-24036

Horilla HRMS (versions 1.4.0 and above) exposes unpublished job postings via the unauthenticated /recruitment/recruitment-details// endpoint. The underlying issue allows viewing draft job titles, descriptions, and application links, revealing internal hiring information and potentially causing ca...

CVSS 5.3 | AI score 5.4 | EPSS 0.00067
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/01/10 5:41 a.m. | Views: 0

CVE-2025-27004

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famousgridimageandvideogallery allows Reflected XSS. This issue affects Famous - Responsive Image And Video Grid Galler...

CVSS 7.1 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 1
Patchstack
added 2026/01/09 2:27 p.m. | Views: 3

WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions <= 1.4...

CVSS 5.4 | AI score 5.4 | EPSS 0.00069
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/01/09 12:41 p.m. | Views: 2

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...

CVSS 4.3 | AI score 7.5 | EPSS 0.00989
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:29 a.m. | Views: 4

CVE-2023-50873

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages. This issue affects Add Any Extension to Pages: from n/a through 1.4...

CVSS 8.8 | AI score 8.5 | EPSS 0.00077
Exploits: 0 | References: 1