CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

80 matches found

WordPress Jannah Theme <5.4.4 - Cross-Site Scripting

WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...

6.1CVSS6.2AI score0.02005EPSS

Exploits2References5

RedhatCVE•added 2026/03/26 5:5 p.m.•0 views

CVE-2026-25464

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

EUVD•added 2026/03/25 6:31 p.m.•1 views

EUVD-2026-15748

5.8AI score0.00172EPSS

Exploits0References2

NVD•added 2026/03/25 5:16 p.m.•3 views

CVE-2026-25464

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:14 p.m.•24 views

CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability

8.1CVSS0.00172EPSS

Exploits0References1

CVE•added 2026/03/25 4:14 p.m.•3 views

CVE-2026-25464

CVE-2026-25464 affects the WordPress plugin Jannah (Jannah – Newspaper Magazine News BuddyPress AMP). The Wordfence and NVD entries describe an "Imporper Control of Filename for Include/Require Statement" vulnerability that enables PHP Local File Inclusion via manipulated include/require targets....

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

Vulnrichment•added 2026/03/25 4:14 p.m.•2 views

CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability

8.1CVSS5.3AI score0.00172EPSS

Exploits0References1

Positive Technologies•added 2026/03/25 12:0 a.m.•2 views

PT-2026-27958

Name of the Vulnerable Software and Affected Versions TieLabs Jannah versions through 7.6.3 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local PHP files...

8.1CVSS5.9AI score0.00172EPSS

Exploits0References3

CNNVD•added 2026/03/25 12:0 a.m.•2 views

WordPress plugin Jannah 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

Patchstack•added 2026/03/16 12:48 p.m.•2 views

WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions = 7.6.3...

8.1CVSS5.8AI score0.00172EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/12/19 7:32 a.m.•1 views

CVE-2025-64206

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

9.8CVSS7AI score0.00101EPSS

Exploits0References1

RedhatCVE•added 2025/12/19 7:32 a.m.•1 views

CVE-2025-64205

8.1CVSS7.1AI score0.0011EPSS

Exploits0References1

RedhatCVE•added 2025/12/19 7:32 a.m.•2 views

CVE-2025-64207

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

7.1CVSS6.4AI score0.00029EPSS

Exploits0References1

EUVD•added 2025/12/18 9:30 a.m.•1 views

EUVD-2025-204083

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

7.1CVSS5.9AI score0.00029EPSS

Exploits0References2

EUVD•added 2025/12/18 9:30 a.m.•1 views

EUVD-2025-204084

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

9.8CVSS6.5AI score0.00101EPSS

Exploits0References2

NVD•added 2025/12/18 8:16 a.m.•1 views

CVE-2025-64206

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

9.8CVSS0.00101EPSS

Exploits0References1

NVD•added 2025/12/18 8:16 a.m.•2 views

CVE-2025-64207

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

7.1CVSS0.00029EPSS

Exploits0References1

NVD•added 2025/12/18 8:16 a.m.•1 views

CVE-2025-64205

8.1CVSS0.0011EPSS

Exploits0References1

CVE•added 2025/12/18 7:22 a.m.•3 views

CVE-2025-64206

CVE-2025-64206 describes a deserialization of untrusted data vulnerability in the WordPress/Jannah theme, enabling PHP Object Injection in Jannah versions up to and including 7.6.0. The issue is triggered via deserialized data handling in Jannah and is rated with a CVSS v3.1 base score of 9.8 (CR...

9.8CVSS6.6AI score0.00101EPSS

Exploits0References1

CVE•added 2025/12/18 7:22 a.m.•5 views

CVE-2025-64205

CVE-2025-64205 affects WordPress Jannah theme versions up to and including 7.6.0. The issue is an improper control of filename for include/require, enabling PHP Local File Inclusion (LFI). The CVSS 3.1 base score is 8.2 (HIGH) with network attack vector, low attack complexity, no privileges requi...

8.1CVSS6.7AI score0.0011EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by