CVE-2025-48090

CVE-2025-48090 affects the Blanka – One Page WordPress Theme (blanka-wp). It describes a Path Traversal that allows PHP Local File Inclusion in Blanka Theme versions from n/a through

CVE-2025-48090 WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...

CVE-2025-10926 JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS.This issue affects JSON Field: from 0.0.0 before 1.5...

WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability

WordPress Blanka - One Page WordPress Theme Theme 1.5 - Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Blanka - One Page WordPress Theme versions 1.5...

CVE-2025-49221 Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint...

CVE-2021-24799

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2021-21534

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API...

flatCore Cross-Site Request Forgery Vulnerability (CNVD-2019-23756)

flatCore is a lightweight content management system CMS based on PHP and SQLite. A cross-site request forgery vulnerability exists in flatCore versions prior to 1.5. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An...

PT-2015-3351

Name of the Vulnerable Software and Affected Versions Omron CX-One CX-Programmer versions prior to 9.6 Omron CJ2M PLC devices versions prior to 2.1 Omron CJ2H PLC devices versions prior to 1.5 Description The issue is related to the transmission of passwords in cleartext, which can be exploited b...

PT-2012-2145 · Unknown · Banana Dance

Name of the Vulnerable Software and Affected Versions: Banana Dance versions prior to B.1.5 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in the user.php file. Recommendations: For versions prior to B.1.5, update to version...