
229 matches found

EUVD
added 2026/05/26 5:0 p.m., 8 views

EUVD-2026-31906

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

CVSS 5.3, AI score 4.1, EPSS 0.00039
Exploits: 0, References: 7

Positive Technologies
added 2026/05/02 12:0 a.m., 1 view

PT-2026-36568

Name of the Vulnerable Software and Affected Versions: WP Mail Gateway versions prior to 1.9. Description: The plugin is subject to unauthorized access because of a missing capability check on the 'wmg save provider config' AJAX action. Authenticated attackers with Subscriber-level access or higher...

CVSS 8.8, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 12

Positive Technologies
added 2026/04/08 12:0 a.m., 0 views

PT-2026-31467

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...

CVSS 8.4, AI score 6, EPSS 0.00025
Exploits: 0, References: 5

RedhatCVE
added 2026/03/26 5:2 p.m., 1 view

CVE-2026-27087

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS. This issue affects Wolverine Framework: from n/a through <= 1.9...

CVSS 7.1, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:0 a.m., 2 views

WordPress plugin Wolverine Framework security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVSS 7.1, AI score 5.7, EPSS 0.00045
Exploits: 0, References: 1

Positive Technologies
added 2026/03/25 12:0 a.m., 2 views

PT-2026-27984

Name of the Vulnerable Software and Affected Versions: G5Theme Wolverine Framework versions n/a through 1.9. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a reflected cross-site scripting issue. This allows for potential...

CVSS 7.1, AI score 6, EPSS 0.00045
Exploits: 0, References: 3

NVD
added 2026/03/05 6:16 a.m., 2 views

CVE-2026-28123

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion. This issue affects Veil: from n/a through <= 1.9...

CVSS 8.1, EPSS 0.00172
Exploits: 0, References: 1

Positive Technologies
added 2026/03/05 12:0 a.m., 0 views

PT-2026-23236

Name of the Vulnerable Software and Affected Versions: Mikado-Themes TopFit - Fitness and Gym WordPress Theme versions through 1.9. Description: The TopFit - Fitness and Gym WordPress Theme contains a flaw related to improper control of filename for include/require statements, specifically a PHP Loc...

AI score 5.8, EPSS 0.00172
Exploits: 0, References: 3

CNNVD
added 2026/03/05 12:0 a.m., 2 views

WordPress plugin TopFit security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.1, AI score 5.8, EPSS 0.00172
Exploits: 0, References: 1

Patchstack
added 2026/02/26 10:34 a.m., 3 views

WordPress Veil theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Veil versions <= 1.9...

CVSS 8.1, AI score 5.9, EPSS 0.00172
Exploits: 0, Affected Software: 1

Patchstack
added 2026/02/26 10:34 a.m., 3 views

WordPress Notarius theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Notarius versions <= 1.9...

CVSS 8.1, AI score 5.9, EPSS 0.00172
Exploits: 0, Affected Software: 1

RedhatCVE
added 2026/02/21 7:29 p.m., 1 view

CVE-2026-24955

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS. This issue affects Whizz Plugins: from n/a through <= 1.9...

CVSS 7.1, AI score 5.5, EPSS 0.00045
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/20 3:47 p.m., 3 views

CVE-2026-24955

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS. This issue affects Whizz Plugins: from n/a through <= 1.9...

CVSS 7.1, AI score 5.4, EPSS 0.00045
Exploits: 0, References: 2

Vulnrichment
added 2026/02/20 3:47 p.m., 3 views

CVE-2026-24955 WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS. This issue affects Whizz Plugins: from n/a through <= 1.9...

CVSS 7.1, AI score 5.5, EPSS 0.00045
Exploits: 0, References: 1

Patchstack
added 2026/02/09 12:45 p.m., 2 views

WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Whizz Plugins versions <= 1.9...

CVSS 7.1, AI score 5.4, EPSS 0.00045
Exploits: 0, Affected Software: 1

CVE
added 2026/01/14 11:34 a.m., 14 views

CVE-2025-67859

The CVE-2025-67859 entry relates to an improper authentication vulnerability in the TLP power daemon (Polkit-related) that allows a local user to arbitrarily change the active power profile and the daemon’s log settings. Affected software is TLP (versions 1.9 before 1.9.1). The issue is categoriz...

CVSS 5.1, AI score 6.3, EPSS 0.00012
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/14 11:34 a.m., 2 views

CVE-2025-67859

An Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings. This issue affects TLP: from 1.9 before 1.9.1...

CVSS 5.1, AI score 5.5, EPSS 0.00012
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/01/10 9:46 a.m., 16 views

CVE-2025-53470 Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

EPSS 0.00026
Exploits: 0, References: 2

Vulnrichment
added 2025/12/30 12:0 a.m., 1 view

CVE-2025-65409

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password...

AI score 6.4, EPSS 0.0009
Exploits: 2, References: 4

RedhatCVE
added 2025/12/19 7:33 a.m., 0 views

CVE-2025-58709

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion. This issue affects Legacy: from n/a through <= 1.9...

CVSS 8.1, AI score 7.1, EPSS 0.0011
Exploits: 0, References: 1