752 matches found
CVE-2026-40501
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...
CVE-2026-9237
The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-13165
SzafirHost verifies the downloaded native library archive with one JarFile parser reading the Central Directory but extracts native libraries with JarInputStream parser reading sequentially from local file headers. An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as...
PT-2026-53260
Name of the Vulnerable Software and Affected Versions SzafirHost versions prior to 1.2.2 Description SzafirHost is susceptible to remote code execution due to a discrepancy between how it verifies and extracts native library archives. The software uses a JarFile parser to verify the archive by...
EUVD-2025-210224
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
CVE-2025-69115
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...
CVE-2026-39554
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
CVE-2025-60218
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
EUVD-2026-37688
Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...
CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...
CVE-2026-40761
WordPress Theme Valeska <= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions
CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...
CVE-2026-39554 WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
PT-2026-50118
Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...
CVE-2026-40772
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CLEANSTART-2026-OS93204 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-m3xc-h892-ggx6, ghsa-qw64-3x98-g7q2 applied in versions: 1.2.2-r0, 1.2.2-r1
Multiple security vulnerabilities affect the apko package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-27351
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-27351
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...