78 matches found
CVE-2026-32511 WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection. This issue affects Stål: from n/a through 1.7...
CVE-2026-32509 WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection. This issue affects Gracey: from n/a through 1.4...
CVE-2026-32508
CVE-2026-32508 affects the WordPress Halstein theme prior to v1.8. The vulnerability is due to deserialization of untrusted data, enabling object injection in Halstein before 1.8. Affected software is Mikado-Themes Halstein halstein; impact is described as potential object injection with limited ...
CVE-2026-32509
CVE-2026-32509 is a deserialization of untrusted data vulnerability in the WordPress Gracey theme (
CVE-2026-32507
The CVE-2026-32507 entry documents a Deserialization of Untrusted Data vulnerability in the WordPress Leroux theme (Elated-Themes Leroux), affecting Leroux versions prior to 1.4. The core issue is Object Injection via deserialized untrusted data in Leroux, with reported exposure affecting the the...
CVE-2026-32507 WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection. This issue affects Leroux: from n/a through 1.4...
CVE-2026-32506
CVE-2026-32506 affects WordPress Archicon theme versions prior to 1.7. The issue is described as a deserialization of untrusted data that allows arbitrary object instantiation (object injection) in Archicon. The affected component is the Archicon WordPress theme; root cause is deserialization lea...
WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Halstein versions 1.8...
WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Stål versions 1.7...
WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Kamperen versions 1.3...
WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Gracey versions 1.4...
jsPDF security vulnerability
jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that parameters controlling the createAnnotation method could allow for the injection of...
CVE-2025-52998
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...
CVE-2025-52998 Chamilo: PHAR deserialization bypass
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...
CVE-2026-27607
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...
CVE-2026-27607 RustFS's Missing Post Policy Validation leads to Arbitrary Object Write
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...