12 matches found
PT-2026-25596
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents...
EUVD-2025-26510
Malicious code in bioql PyPI...
CVE-2025-21028
Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items...
PT-2025-35682
Name of the Vulnerable Software and Affected Versions: ThemeManager versions prior to SMR Sep-2025 Release 1 Description: Improper privilege management in ThemeManager allows local privileged attackers to reuse trial items. Recommendations: Update ThemeManager to SMR Sep-2025 Release 1 or later...
Deserialization of Untrusted Data
Overview: prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in src/Core/Addon/Theme/ThemeManager.php's...
MAL-2022-6548 Malicious code in theme_manager_base (npm)
Source: ghsa-malware 1bc6db51bd02965797db039443df8af4306318f1bc3800f90f23f2a93e5e9efd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in theme_manager_base (npm)
Source: ghsa-malware 1bc6db51bd02965797db039443df8af4306318f1bc3800f90f23f2a93e5e9efd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4730 Malicious code in mt-react-theme-manager (npm)
Source: ghsa-malware 35438d73e685d2e77be34a77bee4fac7843dd594e2333f2c6e1034b9da1f2310 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mt-react-theme-manager (npm)
Source: ghsa-malware 35438d73e685d2e77be34a77bee4fac7843dd594e2333f2c6e1034b9da1f2310 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-29251 Cross-site Scripting in the Flamingo theme manager
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. The...
Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites
A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell...
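Ixprim CMS theme_manager.class.php Remote File Inclusion Vulnerability
Ixprim is a French-language website content management system. Ixprim has an input validation vulnerability when handling user requests, which remote attackers may exploit to execute arbitrary commands on the server. Ixprim's thememanager.class.php script does not adequately check and filter certain externally supplied global variables, so an attacker can make it include arbitrary script code from a remote server. Ixprim 1.2. We recommend that users of this software keep watching the vendor's home page for the latest version: http://www.ixprim-cms.org/...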