CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Truemag versions = 4.3.14.2...

WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Roneous versions = 2.1.5...

WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ITactics versions = 1.0...

WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Line Agency versions = 1.3.1...

WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tipsy versions = 1.1...

WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Resurs versions = 1.3...

WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Orpheus versions = 1.3...

WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Spike versions = 1.2...

WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eros versions = 1.3...

WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gunslinger versions = 1.7...

WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Choreo versions = 1.6...

WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Skyward versions = 1.10...

WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions = 3.17...

WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Grecko versions = 5.17...

WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Snowy versions = 1.13...

WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gita versions = 1.11...

WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Granola versions = 1.13...

WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions = 1.15...

CVE-2025-22741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...