20 matches found
CVE-2026-25400
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection. This issue affects Apicona: from n/a through <= 24.1.0...
EUVD-2026-15713
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection. This issue affects Apicona: from n/a through <= 24.1.0...
CVE-2026-25400
CVE-2026-25400 affects WordPress Theme Apicona (versions up to 24.1.0). The issue is a deserialization of untrusted data that enables object injection. CVSS v3.1: 8.8 (HIGH); vector CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Impact spans confidentiality, integrity, and availability. Root cause des...
CVE-2026-25400 WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection. This issue affects Apicona: from n/a through <= 24.1.0...
WordPress plugin Apicona code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-27938
Name of the Vulnerable Software and Affected Versions: Apicona versions n/a through 24.1.0 Description: A flaw exists in Apicona related to the deserialization of untrusted data, which allows for object injection. This issue could potentially impact systems utilizing the affected software...
WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Apicona versions <= 24.1.0...
CVE-2026-21931
Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
EUVD-2024-25939
Malicious code in bioql PyPI...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation: Upgrade...
CVE-2024-4690
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4184
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4189
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...
CVE-2024-4211
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation...
CVE-2024-4211
CVE-2024-4211 affects OpenText Application Automation Tools (v24.1.0 and below). Root cause: improper validation of input quantity coupled with multiple missing permission checks in ALM job configuration. Impact: users with Overall/Read permission could enumerate ALM server names, usernames and c...
PT-2024-32271 · Opentext · Opentext Application Automation Tools
Name of the Vulnerable Software and Affected Versions: OpenText Application Automation Tools versions 24.1.0 and below Description: The issue is related to an Improper Restriction of XML External Entity Reference vulnerability, which allows DTD Injection in OpenText Application Automation Tools...
PT-2024-18327 · Opentext · Opentext Arcsight Platform
Name of the Vulnerable Software and Affected Versions: OpenText ArcSight Platform versions up to 24.1.0 Description: A potential issue has been identified in the OpenText ArcSight Platform that could be remotely exploited, potentially allowing remote code execution. Recommendations: For OpenText...
DEBIAN-CVE-2023-29529
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
Race condition
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...