CVE-2026-32506

Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through 1.7...

EUVD-2026-15860

Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through 1.7...

EUVD-2026-15866

Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through 1.7...

CVE-2026-32511

Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through 1.7...

CVE-2026-32506

Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through 1.7...

WordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Archicon versions 1.7...

CVE-2025-67937

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through 1.7...

PT-2026-1912

Name of the Vulnerable Software and Affected Versions Mikado-Themes Hendon versions prior to 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...

WordPress plugin Hendon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-68478 Langflow Vulnerable to External Control of File Name or Path

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

PT-2025-16308 · Laravel +4 · Laravel +4

Name of the Vulnerable Software and Affected Versions: Aidex versions prior to 1.7 Description: The issue allows an authenticated malicious user to execute unauthorized commands within the system by exploiting an open registry. This can include executing operating system commands, interacting wit...

WordPress WP Secure Maintenance plugin < 1.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin WP Secure Maintenance versions 1.7...

WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...

PT-2023-21066 · Netapp · Ontap Mediator

Name of the Vulnerable Software and Affected Versions: ONTAP Mediator versions prior to 1.7 Description: The issue allows an unauthenticated attacker to enumerate URLs via the REST API. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the issue. As a temporary...

CVE-2020-5239

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

WordPress simple-mail-address-encoder plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-mail-address-encoder is a plugin that supports encoding of e-mail addresses. A cross-site scripting vulnerability exists in...

CVE-2019-15833

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...

PT-2019-14422 · Unknown · Simple-Mail-Address-Encoder

Name of the Vulnerable Software and Affected Versions: simple-mail-address-encoder plugin versions prior to 1.7 Description: The issue is related to reflected XSS in the simple-mail-address-encoder plugin. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the...

CVE-2016-10883

The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users...

CVE-2019-6812

A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol...