18740 matches found
EUVD-2026-31979
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
CVE-2026-44451 Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
CVE-2026-44451
Lumiverse prior to version 0.9.7 has a sandbox escape vulnerability in its component override system. The system transpiles user TSX with Sucrase and evaluates it via new Function, shadowing dangerous globals (fetch, window, eval, etc.). A static validator blocks identifiers, but a string-split b...
CVE-2026-39655
Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...
WordPress Medeus theme <= 1.14 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Medeus versions = 1.14...
WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Quirky versions = 1.23...
WordPress Putter theme <= 1.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Putter versions = 1.17...
WordPress Dom theme <= 1.24 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dom versions = 1.24...
WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gat versions = 1.16...
WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Preservation versions = 1.10...
WordPress Mission theme <= 1.22 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Mission versions = 1.22...
WordPress Abelle theme <= 1.22 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Abelle versions = 1.22...
WordPress Kelly Young theme <= 1.1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kelly Young versions = 1.1.0...
WordPress Car Zone theme <= 3.7 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Car Zone versions = 3.7...
WordPress Wanium theme <= 1.9.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wanium versions = 1.9.8...
WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability
WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme = 3.1.3 - PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme Entrepreneur - Booking for Small Businesses WordPress Theme versions = 3.1.3...
WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Denver Jackson in WordPress Theme JobCareer versions = 7.3...
WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plumbing versions = 1.6...
WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SeaFood Company versions = 1.4...
CVE-2026-39642 WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...