Postorius is vulnerable to XSS

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

PT-2026-38553

Name of the Vulnerable Software and Affected Versions Postorius versions prior to 1.3.14 Description The software fails to escape HTML in the message subject when rendering it within the Held messages pop-up. This issue was exploited in the wild in May 2026. Recommendations Update to a version...

EUVD-2026-15497

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through = 1.3.13...

CVE-2026-22494

CVE-2026-22494 is a Local File Inclusion in ThemeREX Good Homes (WordPress theme)

WordPress plugin Good Homes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-27817

Name of the Vulnerable Software and Affected Versions ThemeREX Good Homes versions n/a through 1.3.13 Description The software contains a flaw due to improper control of filename handling for include/require statements in PHP. This allows for PHP Local File Inclusion. The affected component is th...

WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Good Homes versions = 1.3.13...

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVE-2025-60057 WordPress DJ Rainflow theme <= 1.3.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DJ Rainflow dj-rainflow allows PHP Local File Inclusion.This issue affects DJ Rainflow: from n/a through = 1.3.13...

PT-2025-52118

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DJ Rainflow dj-rainflow allows PHP Local File Inclusion.This issue affects DJ Rainflow: from n/a through = 1.3.13...

CVE-2025-61194

daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php...

CVE-2025-61181

daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...

CVE-2025-61181

daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...

CVE-2025-61194

daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php...

CVE-2025-61181

daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...

DaiCuo CMS 安全漏洞

DaiCuo CMS is a PHP news article management system by DaiCuo individual developer. A security vulnerability exists in DaiCuo CMS version V1.3.13, which originates from an arbitrary file upload vulnerability in the image upload function...

DaiCuo CMS 安全漏洞

DaiCuo CMS is a PHP news article management system by DaiCuo individual developer. A security vulnerability exists in DaiCuo CMS version V1.3.13, which originates from a SQL injection vulnerability in file library hinkdbBuilder.php...

CVE-2025-61181

daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...