926 matches found
Core FTP/SFTP Server 缓冲区错误漏洞
Core FTP/SFTP Server is a file transfer server software developed by Core FTP Corporation. Version 1.2 of Core FTP/SFTP Server contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the user domain field, which could allow attackers to cause the service to crash...
CVE-2026-27083
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-1800
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
EUVD-2026-15580
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through = 1.2...
CVE-2026-27077
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through = 1.2...
CVE-2026-27083
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-24970
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through = 1.2...
CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-27083
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-27077 WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through = 1.2...
CVE-2026-24970 WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through = 1.2...
CVE-2026-22511 WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through = 1.2...
CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...
WordPress plugin Lella 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27982
Name of the Vulnerable Software and Affected Versions ThemeREX Work & Travel Company versions through 1.2 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts the Work & Travel Company application. Recommendations...
PT-2026-27863
Name of the Vulnerable Software and Affected Versions Energox versions n/a through 1.2 Description An improper limitation of a pathname to a restricted directory 'Path Traversal' exists in designingmedia Energox energox, allowing Path Traversal. This allows an attacker to potentially access files...
PT-2026-27976
Name of the Vulnerable Software and Affected Versions Mikado-Themes MultiOffice versions n/a through 1.2 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes MultiOffice...
WordPress plugin Morning Records 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability
Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions = 1.2...
CVE-2026-3347
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...