586 matches found
CVE-2026-22509 WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...
WordPress plugin Gioia 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Leroux 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Elated Listing 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
RHSA-2026:5576 Red Hat Security Advisory: 389-ds:1.4 security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: 389-ds:1.4 security update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...
Security Bulletin: NVIDIA B300 MCU - March 2026
NVIDIA has released a software update for NVIDIA® B300 to address the security issues described in this bulletin. To protect your system, download and install the latest version of the NVIDIA B300 firmware from the NVIDIA Developer Tools page. Go to NVIDIA Product Security. Details The following...
WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Leroux versions 1.4...
CVE-2026-1275
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' shortcode attribute in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on the user-supplied 'slides' parameter in the...
CVE-2026-1275
CVE-2026-1275 concerns the WordPress plugin Multi Post Carousel by Category and its vulnerability to a Stored Cross-Site Scripting (XSS) via the slides shortcode attribute in all versions up to 1.4. The root cause is insufficient input sanitization and output escaping in the function handling the...
CVE-2026-1275
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' shortcode attribute in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on the user-supplied 'slides' parameter in the...
EUVD-2025-208865
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4...
CVE-2025-67618 WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4...
CVE-2025-67618
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4...
CVE-2026-22416
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects FixTeam: from n/a through = 1.5.0...
EUVD-2026-9572
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4...
CVE-2026-22478
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affects FindAll: from n/a through = 1.4...
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...
CVE-2026-22416
CVE-2026-22416 is a Local File Inclusion vulnerability in the WordPress FixTeam theme (AncoraThemes FixTeam). The advisory states improper control of filename for include/require in PHP, effectively a PHP Remote File Inclusion condition that leads to LFI. Affected versions are FixTeam up to 1.5.0...
PT-2026-23193
Name of the Vulnerable Software and Affected Versions AncoraThemes Handyman versions through 1.4 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This impacts the handyman-services component. Recommendations At the moment, there...