34288 matches found

CVE
added 2026/04/08 12:59 p.m. | 22 views

CVE-2026-35023

CVE-2026-35023 concerns Wimi Teamwork On-Premises versions prior to 8.2.0. The issue is an insecure direct object reference (IDOR) in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve im...

CVSS 5.3 | AI score 5.9 | EPSS 0.00179
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/04/08 12:59 p.m. | 2 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image previews from other...

CVSS 5.3 | AI score 5.9 | EPSS 0.00179
Exploits: 0 | References: 3

Patchstack
added 2026/04/08 12:22 p.m. | 3 views

WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Micdrop versions <= 1.3.1...

AI score 5.8 | EPSS 0.0025
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:22 p.m. | 4 views

WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme SingleMalt versions <= 1.5...

AI score 5.8 | EPSS 0.00395
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:22 p.m. | 3 views

WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Mildhill versions <= 1.5...

AI score 5.8 | EPSS 0.00395
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:21 p.m. | 3 views

WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Santé versions <= 1.5.1...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:21 p.m. | 3 views

WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Konsept versions <= 1.9...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:21 p.m. | 5 views

WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Valiance versions <= 1.2...

AI score 5.8 | EPSS 0.0027
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:21 p.m. | 5 views

WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Playroom versions <= 1.4.1...

AI score 5.8 | EPSS 0.00205
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:20 p.m. | 4 views

WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme NeoBeat versions <= 1.7...

AI score 5.8 | EPSS 0.00395
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:20 p.m. | 2 views

WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Askka versions <= 1.3.1...

AI score 5.8 | EPSS 0.00255
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:20 p.m. | 4 views

WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Fidalgo versions <= 1.2.2...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:19 p.m. | 4 views

WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Töbel versions <= 1.8.1...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:19 p.m. | 3 views

WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Aperitif versions <= 1.6...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:19 p.m. | 2 views

WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Hiroshi versions <= 1.5.1...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:18 p.m. | 5 views

WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Zermatt versions <= 1.6.1...

AI score 5.8 | EPSS 0.00395
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/08 12:17 p.m. | 6 views

WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Alloggio - Hotel Booking versions <= 2.1.2...

AI score 5.8 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

EUVD
added 2026/04/08 9:31 a.m. | 4 views

EUVD-2026-20340

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS. This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1...

CVSS 6.5 | AI score 5.9 | EPSS 0.00161
Exploits: 0 | References: 2

EUVD
added 2026/04/08 9:31 a.m. | 4 views

EUVD-2026-20127

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

CVSS 5.3 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 7

EUVD
added 2026/04/08 9:31 a.m. | 4 views

EUVD-2026-20148

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator: from n/a through <= 4.9.4...

AI score 5.9 | EPSS 0.00161
Exploits: 0 | References: 2