CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through = 2.1.19...

CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through = 2.1.19...

CVE-2026-25316

CVE-2026-25316 affects the WordPress CartFlows plugin (CartFlows)

CVE-2026-23549 WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.1.1...

CVE-2026-23542 WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...

CVE-2026-2706

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysisnot.php. This manipulation of the argument compid causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-2691

A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manageregister.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-2706

CVE-2026-2706 affects code-projects Patient Record Management System 1.0. The vulnerability is in the file fecalysis_not.php (and variants listed as fecalysis not.php) where improper handling of the comp_id parameter leads to SQL injection. The issue is exploitable remotely and, per sources, the ...

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...

MiracleLinux 9 : php-8.0.30-5.el9_7 (AXSA:2026-201:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-201:01 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk imag...

FLIR Systems AX8 Cameras Cross-site Scripting (CVE-2025-5127)

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

FLIR Systems AX8 Cameras OS Command Injection (CVE-2022-37061)

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

AlmaLinux 9 : php (ALSA-2026:2799)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2799 advisory. php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk images...

FLIR Systems AX8 Cameras Command Injection (CVE-2022-4364)

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out...

PT-2026-20696

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...

Linux Distros Unpatched Vulnerability : CVE-2026-27206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects fro...

WordPress plugin CMSMasters Content Composer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

PT-2026-20760

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

PT-2026-20630

Name of the Vulnerable Software and Affected Versions Prodigy Commerce versions prior to 3.2.9 Description The Prodigy Commerce plugin for WordPress is susceptible to a Local File Inclusion issue. This allows unauthenticated attackers to include and read arbitrary files or execute arbitrary files...

FLIR Systems AX8 Cameras Command Injection (CVE-2023-51126)

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 Jan 2023 the FLIR AX8 should no longer be affected by the...