1079940 matches found
CVE-2026-7654
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...
CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
CVE-2026-7654
The Admin Columns plugin for WordPress (up to version 7.0.18) is vulnerable to PHP Object Injection that leads to Remote Code Execution. Root cause: unserialize() used without an allowed_classes restriction in IdsToCollection::get_ids_from_string(), processing attacker-controlled post meta values...
CVE-2026-7654
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
CVE-2026-11429
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...
MAL-2026-5273 Malicious code in anthropy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MINI-W4WH-M3CM-C3F8
Bulletin has no description...
MINI-Q86C-36PG-XJQR
Bulletin has no description...
MINI-X8Q5-8M3X-3W5J
Bulletin has no description...
MINI-38QG-7M7W-W46F
Bulletin has no description...
MINI-P3MQ-J8QV-GXH3
Bulletin has no description...
MINI-3263-WJ9H-F629
Bulletin has no description...
MINI-VJ5H-PX4P-2V4G
Bulletin has no description...
MINI-J97X-Q8CV-Q9W4
Bulletin has no description...
MINI-XJ8M-GQJQ-VR4P
Bulletin has no description...
MINI-WCHG-99P8-QJ66
Bulletin has no description...
MINI-J8V4-5QF6-4WFR
Bulletin has no description...
MINI-FGP6-RXM8-PV96
Bulletin has no description...