Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

93297 matches found

CVE
CVEadded 2026/04/08 10:0 p.m.7 views

CVE-2026-5810

Summary (CVE-2026-5810): A flaw in SourceCodester Sales and Inventory System 1.0 affects an unknown function in /delete.php that handles the GET parameter ID. Manipulating this argument leads to cross-site scripting (XSS). Remote exploitation is possible, and the exploit has been published. CVSS ...

5.1CVSS4.7AI score0.0024EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/08 9:15 p.m.21 views

CVE-2026-5806 code-projects Easy Blog Site update.php cross site scripting

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...

5.1CVSS0.0024EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/04/08 7:27 p.m.3 views

CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

9.8CVSS6.7AI score0.06165EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/08 3:31 p.m.5 views

EUVD-2026-20472

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/04/08 12:22 p.m.3 views

WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Micdrop versions = 1.3.1...

5.8AI score0.0025EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:22 p.m.4 views

WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme SingleMalt versions = 1.5...

5.8AI score0.00395EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:22 p.m.3 views

WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Mildhill versions = 1.5...

5.8AI score0.00395EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:21 p.m.2 views

WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Santé versions = 1.5.1...

5.8AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:21 p.m.4 views

WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Valiance versions = 1.2...

5.8AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:21 p.m.5 views

WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Playroom versions = 1.4.1...

5.8AI score0.00205EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:20 p.m.4 views

WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Fidalgo versions = 1.2.2...

5.8AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:19 p.m.4 views

WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Töbel versions = 1.8.1...

5.8AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/08 12:19 p.m.3 views

WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Aperitif versions = 1.6...

5.8AI score0.00308EPSS
Exploits0Affected Software1
EUVD
EUVDadded 2026/04/08 9:31 a.m.3 views

EUVD-2026-20365

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...

5.9AI score0.00381EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/08 9:31 a.m.3 views

EUVD-2026-20202

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through = 8.3...

5.9AI score0.00381EPSS
Exploits0References2
NVD
NVDadded 2026/04/08 9:16 a.m.4 views

CVE-2026-39611

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through = 4.2.9...

7.5CVSS0.00381EPSS
Exploits0References1
NVD
NVDadded 2026/04/08 9:16 a.m.6 views

CVE-2026-39544

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through = 8.3...

7.5CVSS0.00381EPSS
Exploits0References1
CVE
CVEadded 2026/04/08 8:30 a.m.6 views

CVE-2026-39679

CVE-2026-39679 is a local file inclusion (LFI) in the WordPress Freeio/ApusTheme Freeio plugin/theme. Affected: Freeio versions up to and including 1.3.21 (and related Freeio/Freeio themes referenced in Red Hat/EUVD records and CVE listings). Root cause: improper control of filenames for include/...

7.5CVSS5.9AI score0.00381EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/08 8:30 a.m.22 views

CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...

7.5CVSS0.00381EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/08 8:30 a.m.19 views

CVE-2026-39613 WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

7.5CVSS0.00381EPSS
Exploits0References1
Rows per page
Query Builder