CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...

CVE-2025-52826

CVE-2025-52826 affects the WordPress Sala theme (

CVE-2025-52827 WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through = 1.3.3...

CVE-2025-52827 WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through = 1.3.3...

CVE-2025-52827

CVE-2025-52827: WordPress Nuss theme

WordPress Red Art Theme <= 3.7 is vulnerable to PHP Object Injection

Software Red Art Type Theme Vulnerable versions = 3.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52828 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 443adc1cb34f Credits Frank Required privilege Subscriber Published 26 June...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Roundcube vulnerability (USN-7584-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7584-1 advisory. It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL,...

WordPress Kriya theme <= 3.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Kriya versions = 3.4...

WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Plugin ThemeMove Core versions = 1.4.2...

Ubuntu: Security Advisory (USN-7584-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Rau má đậu xanh in WordPress Theme Nuss versions = 1.3.3...

WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin WP Optimize By xTraffic versions = 5.1.6...

CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

WordPress Sala Theme <= 1.1.3 is vulnerable to PHP Object Injection

Software Sala Type Theme Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52826 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 745dde376637 Credits Ann Required privilege Subscriber Published 23 June,...

WordPress Nuss Theme <= 1.3.3 is vulnerable to PHP Object Injection

Software Nuss Type Theme Vulnerable versions = 1.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52827 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7d884de49dbe Credits Ann Required privilege Subscriber Published 23 June,...

WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin eCommerce Product Catalog versions = 3.4.3...

CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

CVE-2025-25034

SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 are affected by a PHP object injection in SugarRestSerialize.php due to improper validation of the rest_data parameter before unserialize(). An unauthenticated attacker can submit crafted serialized data to achieve arbitrary...

PT-2025-26454

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 6.5.24 SugarCRM versions prior to 6.7.13 SugarCRM versions prior to 7.5.2.5 SugarCRM versions prior to 7.6.2.2 SugarCRM versions prior to 7.7.1.0 Description: A PHP object injection issue exists due to improper...

USN-7584-1: Roundcube vulnerability

It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...