9 matches found
CVE-2026-36829
CVE-2026-36829 affects Panabit PAP-XM320 (up to v7.7). The embedded HTTP server authenticates via a cookie-based value checked against the filesystem, using a user-controlled cookie without proper sanitization. This leads to a directory traversal scenario and authentication bypass, enabling bypas...
CVE-2026-32400 WordPress Boldman theme <= 7.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through = 7.7...
PT-2026-25246
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through = 7.7...
CVE-2025-68974 WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...
WordPress plugin ANAC XML Bandi di Gara 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
PT-2024-37086 · WordPress · Wpbakery Visual Composer
Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer plugin for WordPress versions up to, and including, 7.7 Description: The issue allows authenticated attackers with Author-level access and above, and with post permissions granted by an Administrator, to include and...
CLSA-2021-1617285762 Fix of CVE-2021-22876
back-port urlapi from v7.75.0 used by CVE-2021-22876 - strip credentials from the auto-referer header CVE-2021-22876...
WinaXe 'FTP client' Remote Buffer Remote Vulnerability
WinaXe is an X terminal emulation program running on Windows platform, fully compatible with X11 R6, allowing you to enjoy Unix/Linux on Windows. A remote buffer overflow vulnerability exists in WinaXe version 7.7, which can be exploited by an attacker to execute arbitrary code in the context of ...
Multiple Cross-Site Scripting Vulnerabilities in PNMsoft Sequence Kinetics
PNMsoft Sequence Kinetics is a next-generation business process management suite released by Israel-based PNMsoft that enables rapid establishment of high-availability workflow applications and close human collaboration on change while maintaining lifecycle governance. Multiple cross-site scripti...