PT-2026-26248
🟠 CVE-2026-27096 - High Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer Word... https://t.co/HOIbh9qxFx https://t.co/LcmJdGrhq3...
PT-2026-26276
Name of the Vulnerable Software and Affected Versions: WishList Member X versions through 3.29.0. Description: The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts the application's ability to securely handle incoming...
WordPress and WordPress plugin code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-26268
🚨 CVE-2025-60233: WordPress Zuut theme = 1.4.2 - ... PHP object injection in WordPress themes = instant RCE playground for attackers who can craft malicious serialized payl... https://t.co/IgpaLoPW1V netsec vulnerability CVE sysadmin zeroday...
CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-31898
A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the createAnnotation method's...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32736
The Hytale Modding Wiki has an IDOR vulnerability in versions before 1.0.0 that allows any authenticated user to access authors’ full names and email addresses by visiting a mod page via its slug. Affected software: Hytale Modding Wiki (pre-1.0.0). Impact: exposure of PII with MEDIUM severity (CV...
EUVD-2026-12981
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Summary: Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...
EUVD-2026-12821
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1...
CVE-2026-25449
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through 3.2.8.1...
CVE-2026-25449
CVE-2026-25449 : The WordPress Traveler theme (Shinetheme Traveler) is affected prior to version 3.2.8.1 by a PHP object injection vulnerability caused by deserialization of untrusted data. The issue affects Traveler components (described as before 3.2.8.1) and is rated critical (CVSS 3.1 base sc...
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1...
CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through 3.2.8.1...
CVE-2026-25449
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1...
CVE-2026-32694
The CVE-2026-32694 vulnerability affects Juju (versions 3.0.0 through 3.6.18). It arises when a secret owner grants a secret to a grantee and relies solely on a predictable secret XID to verify ownership. A malicious grantee who can request secrets can predict past secrets granted by the same own...