156 matches found
CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...
PT-2026-32121
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper...
CVE-2026-22473
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection. This issue affects Dental Clinic: from n/a through <= 3.7...
EUVD-2026-9611
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection. This issue affects Car Zone: from n/a through <= 3.7...
CVE-2026-27338
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection. This issue affects Car Zone: from n/a through <= 3.7...
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection. This issue affects Dental Clinic: from n/a through <= 3.7...
PT-2026-23232
Name of the Vulnerable Software and Affected Versions: AivahThemes Car Zone versions through 3.7. Description: The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...
PT-2026-23205
Name of the Vulnerable Software and Affected Versions: Dental Clinic versions through 3.7. Description: The software contains a flaw due to deserialization of untrusted data, which allows for object injection. Recommendations: Versions prior to and including 3.7 should be updated...
WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Dental Clinic (versions <= 3.7)...
CVE-2026-1614
The CVE-2026-1614 entry concerns Rise Blocks – A Complete Gutenberg Page Builder (WordPress). It describes a Stored Cross-Site Scripting (Stored XSS) vulnerability in the Site Identity block attribute logoTag, exploitable by authenticated attackers with Contributor-level access and above. Affecte...
WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability
WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Rise Blocks (versions <= 3.7)...
PT-2026-21226
Name of the Vulnerable Software and Affected Versions: Applay - Shortcodes versions through 3.7. Description: A flaw exists in the Applay - Shortcodes application that allows for object injection due to deserialization of untrusted data. This issue impacts the application's functionality related to...
CVE-2023-25030
Missing Authorization vulnerability in Buy Me a Coffee. This issue affects Buy Me a Coffee: from n/a through 3.7...
CVE-2025-14388
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
CVE-2025-49380
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection. This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7...
PT-2025-43178
Name of the Vulnerable Software and Affected Versions: WooCommerce Vehicle Parts Finder versions through 3.7. Description: The WooCommerce Vehicle Parts Finder component contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting (XSS)...
PT-2025-43170
Name of the Vulnerable Software and Affected Versions: WooCommerce Vehicle Parts Finder versions through 3.7. Description: The WooCommerce Vehicle Parts Finder plugin contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts the...
EUVD-2021-21294
Malware in sbrugna...
EUVD-2018-11721
Malware in sbrugna...