89 matches found
CVE-2026-28117
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion. This issue affects smart SEO: from n/a through = 2.9...
PT-2026-20688
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WiserReview Product Reviews for WooCommerce: from n/a through = 2.9...
EUVD-2025-202139
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Aisle: from n/a through = 2.9...
CVE-2025-60228
Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection. This issue affects Knowledge Base: from n/a through = 2.9...
CVE-2025-60228
CVE-2025-60228 describes a PHP Object Injection vulnerability in the WordPress Knowledge Base theme (versions
EUVD-2017-18396
Malware in sbrugna...
EUVD-2020-15994
Malware in sbrugna...
EUVD-2025-30603
Malicious code in bioql PyPI...
CVE-2025-58004
Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through = 2.9...
WordPress DriCub Theme <= 2.9 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bonds in WordPress Theme DriCub versions = 2.9...
CVE-2025-58004 WordPress DriCub Theme <= 2.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through = 2.9...
CVE-2025-58005 WordPress DriCub Theme <= 2.9 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub dricub-driving-school allows Server Side Request Forgery. This issue affects DriCub: from n/a through = 2.9...
CVE-2025-58631
CVE-2025-58631 is a DOM-based XSS in the WordPress IssueM plugin up to version 2.9.0, caused by improper neutralization of input during web page generation. Affected software: IssueM (ZEEN101) plugin for WordPress; vulnerability is triggered via user-supplied input that is not properly sanitized ...
CVE-2025-8508
A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educaravaliacaodesempenhocad.php. The manipulation of the argument tituloavaliacao/descricao leads to cross site scripting. T...
Portábilis i-Educar Code Injection Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A code injection vulnerability exists in Portábilis i-Educar version 2.9, which originates from a cross-site scripting attack due to the incorrect operation of the parameter...
CVE-2024-31869
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration. The celery provider is the only community provider...
CVE-2020-11037
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is...
CVE-2020-23243
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrongpathredirect" feature...
CVE-2020-23654
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."...
CVE-2020-5732
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators...