8103 matches found
CVE-2026-27414 WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Werkstatt = 4.8.3 versions...
CVE-2026-27414
CVE-2026-27414 details (provided): WordPress Werkstatt theme
CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability
Contributor PHP Object Injection in ARMember Premium = 7.0 versions...
CVE-2026-27060
CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (<= 7.0). The root cause is PHP Object Injection in ARMember Premium
EUVD-2026-40452
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...
WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Werkstatt versions = 4.8.3...
WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability
Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...
CVE-2026-12240
The CVE-2026-12240 entry concerns the WordPress Export User Data plugin (up to version 2.2.6). Affected component: the unserialize path validation in the plugin allows an authenticated subscriber+ to trigger arbitrary file deletions on the server by exporting user data, with a crafted serialized ...
WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...
WordPress Booktics plugin <= 1.0.21 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin Booktics versions = 1.0.21...
PYSEC-2026-373 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...
CVE-2026-49991 RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...
CVE-2026-56057
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56055
Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...
CVE-2026-56031
Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...
CVE-2026-56032
Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...
EUVD-2026-39711
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56057
The CVE concerns the WordPress plugin Uncanny Automator Pro
EUVD-2026-39710
Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...