WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Majestic Support versions = 1.1.2...

WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability

WordPress Xhanch - My Advanced Settings plugin = 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Xhanch – My Advanced Settings versions = 1.1.2...

CVE-2026-27097

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...

EUVD-2026-8927

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

CVE-2026-1585

The CVE-2026-1585 entry concerns an unquoted Windows service executable path in Canon IJ Scan Utility for Windows (versions 1.1.2–1.5.0), enabling a local attacker to run a malicious file with the service’s privileges. Affected component: the Windows service responsible for IJ Scan Utility. Root ...

CVE-2026-1585

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

CVE-2026-1585

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

PT-2026-22229

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

CVE-2026-22377

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through = 1.1.2...

WordPress plugin Saveo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-50002

Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through = 1.1.2...

WordPress Energia theme <= 1.1.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Energia versions = 1.1.2...

WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability

Software : Issabella Type : Theme Vulnerable versions : = 1.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69086 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 1e3ff6a668aa Credits :...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +35 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)

@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...

@akunsansan0/teagunz99 (>=1.1.2 <=1.1.4) potentially affected by unknown CVE via teagunz99 (=1.0.0)

teagunz99 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on teagunz99 and may be impacted: - @akunsansan0/teagunz99 =1.1.2, =1.1.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-181574...

dhrav1 (=1.1.2), irma-dodol78-riris (=3.3.4) +2 more potentially affected by unknown CVE via dhrafortea (>=1.1.2 <=4.1.4)

dhrafortea NPM version =1.1.2, =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on dhrafortea and may be impacted: - dhrav1 =1.1.2 - irma-dodol78-riris =3.3.4 - joko-tek48-riris =4.3.2 - kurnia-sambel16-riris =2.3.1 Source cves: unknown CVE Source...

PT-2025-38790

Name of the Vulnerable Software and Affected Versions Append extensions on Pages versions through 1.1.2 Description A flaw exists in Append extensions on Pages that allows for Stored Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...

CVE-2025-58798

Cross-Site Request Forgery CSRF vulnerability in Bjorn Manintveld BCM Duplicate Menu bcm-duplicate-menu allows Cross Site Request Forgery.This issue affects BCM Duplicate Menu: from n/a through = 1.1.3...

WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...