93342 matches found
WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions = 5.9.1...
WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pets Club versions = 2.3...
WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Handyman versions = 1.4.7...
CVE-2026-26698
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...
EUVD-2026-9273
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...
CVE-2026-26885
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...
CVE-2026-26886
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manageservice.php...
CVE-2026-26888
Sourcecodester Pharmacy Point of Sale System v1.0 is affected by SQL Injection in /pharmacy/manage_stock.php. Root cause is unsanitized input in the SQL query. CVSS details (NVD) indicate a Network attack vector, Low base impact (C/L, I/N, A/N), with a base score of 2.7 and HIGH privileges requir...
PT-2026-22949
Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...
CVE-2026-26885
CVE-2026-26885 affects the Sourcecodester Online Men's Salon Management System v1.0. The vulnerability is an SQL Injection in the endpoint /classes/Master.php?f=delete_service, caused by unsafe SQL handling in the related function. The impact is described as low with no user interaction required,...
Debian: Security Advisory (DSA-6154-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 6154-1] php8.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6154-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 02, 2026 https://www.debian.org/security/faq -...
Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal
Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...
GHSA-37J7-56XC-C468 Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal
Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...
GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...
CVE-2026-26711
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php...
Incorrect Authorization
Auth0-PHP is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of access tokens, where affected applications may accept ID tokens as Access tokens, and attackers can exploit this by manipulating the audience validation in access tokens...
CVE-2025-50199 Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...
CVE-2025-50199 Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...
CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modalview.php...