258 matches found
CVE-2026-57799 WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...
WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nuss versions = 1.3.6...
CVE-2025-64152 Apache IoTDB: Path Traversal Vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...
PT-2026-49168
Name of the Vulnerable Software and Affected Versions runc versions prior to 1.3.6 runc versions prior to 1.4.3 runc versions prior to 1.5.0-rc.3 Description A flaw involving a /dev symlink allows a malicious container image to obtain limited write access to the host filesystem. This issue occurs...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via HTTP redirect handling in the HTTP client. An attacker can obtain sensitive credentials by causing a client configured to automatically follow redirects to follow a redirect from a...
CVE-2026-45284
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...
CVE-2026-4808
The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...
Malicious code in crypto-javascri (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f73f5a262aba7ba05c713d409646e419e998232fd536fd99c51750fa070699 The package crypto-javascri was found to contain malicious code. Source: google-open-source-security...
CVE-2026-1559
The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1559
The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...
EUVD-2026-23622
The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-1559 Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter
The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-4808 Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload
The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop due to the logicalQuery.Select process. An attacker can cause excessive CPU consumption and denial of service by submitting specially crafted Boolean XPath expressions that always evaluate to true, such as "1=1" or "true"...
PT-2026-24047
Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.0.0 through 1.3.6 Apache IoTDB versions 2.0.0 through 2.0.6 Description A security issue exists in Apache IoTDB. Users are advised to upgrade to a fixed version to address the problem. Recommendations Upgrade to version...
CVE-2026-27369
Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...
CVE-2026-27369
Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...
CVE-2026-27369 WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...
CVE-2026-27369
CVE-2026-27369 is a deserialization vulnerability in BoldThemes Celeste WordPress Theme (affected: Celeste