550 matches found

EUVD
added 2 days ago | 4 views

EUVD-2026-33911

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

CVSS 8.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1
Positive Technologies
added 2 days ago | 3 views

PT-2026-45731

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

CVSS 8.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2
Patchstack
added 2026/05/27 1:46 p.m. | 5 views

WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Etude versions <= 1.6...

AI score 5.8
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/26 7:51 a.m. | 2 views

WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plumbing versions <= 1.6...

AI score 5.8
Exploits: 0 | Affected Software: 1
UbuntuCve
added 2026/05/25 8:16 p.m. | 2 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 6
CVE
added 2026/05/25 7:30 p.m. | 29 views

CVE-2026-48849

CVE-2026-48849 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Affected component: draft restoration path where the draft’s subject field is unsanitized, enabling stored XSS/HTML/CSS injection on shared mailboxes. The issue arises from improper sanitization in the draft ...

CVSS 4.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 5
ATTACKERKB
added 2026/05/25 7:30 p.m. | 4 views

CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

CVSS 4.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 6 | Affected Software: 1
EUVD
added 2026/05/25 7:23 p.m. | 3 views

EUVD-2026-31724

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

CVSS 3.7 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 5
Cvelist
added 2026/05/25 7:14 p.m. | 15 views

CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

CVSS 7.5 | EPSS 0.00051
Exploits: 0 | References: 5
CNNVD
added 2026/05/25 12:0 a.m. | 6 views

Roundcube Webmail code issue vulnerability

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking and more. A code issue vulnerability exists in Roundcube Webmail versions 1.6.x 1.6.14 through 1.6.16 and versions prior to 1.7.x 1.7.1,...

CVSS 7.2 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/25 12:0 a.m. | 4 views

PT-2026-43115

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.0 through 1.6.15; Roundcube Webmail versions 1.7.0 through 1.7.0. Description: An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting (XSS), HTML, and CSS injection on shared...

CVSS 4.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 18
Debian
added 2026/05/09 9:32 a.m. | 4 views

[SECURITY] [DLA 4573-1] libpng1.6 security update

Debian LTS Advisory DLA-4573-1 (https://www.debian.org/lts/security/), Tobias Frost, May 09, 2026 (https://wiki.debian.org/LTS). Package: libpng1.6. Version: 1.6.37-3+deb11u4. CVE ID: CVE-2026-34757. Debian Bug: 1133051. A security vulnerability has been discovered in libpng,...

CVSS 5.1 | AI score 5.7 | EPSS 0.00006
Exploits: 1
Vulnrichment
added 2026/04/16 7:39 a.m. | 2 views

CVE-2025-14868 Career Section <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00029
Exploits: 0 | References: 2
Patchstack
added 2026/04/08 12:19 p.m. | 1 views

WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Aperitif versions <= 1.6...

AI score 5.8 | EPSS 0.00041
Exploits: 0 | Affected Software: 1
EUVD
added 2026/04/08 9:31 a.m. | 2 views

EUVD-2026-20193

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion. This issue affects Mikado Core: from n/a through = 1.6...

AI score 5.9 | EPSS 0.00147
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/08 8:30 a.m. | 2 views

CVE-2026-39538

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion. This issue affects Mikado Core: from n/a through = 1.6...

AI score 5.9 | EPSS 0.00147
Exploits: 0 | References: 2
CNNVD
added 2026/04/08 12:0 a.m. | 3 views

WordPress plugin Mikado Core security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 5.8 | EPSS 0.00147
Exploits: 0 | References: 1
EUVD
added 2026/03/28 12:30 p.m. | 0 views

EUVD-2018-21704

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts...

CVSS 9.8 | AI score 6.9 | EPSS 0.00383
Exploits: 1 | References: 5
Debian CVE
added 2026/03/28 11:58 a.m. | 2 views

CVE-2018-25223

Removed by vendor...

CVSS 9.8 | AI score 5.9 | EPSS 0.00383
Exploits: 1
CNNVD
added 2026/03/28 12:0 a.m. | 4 views

Crashmail buffer error vulnerability

Crashmail is a mail processing and message exchange software developed by the Crashmail company. Version 1.6 of Crashmail contains a buffer overflow vulnerability, which stems from a stack buffer overflow. This vulnerability could allow remote attackers to execute arbitrary code...

CVSS 9.8 | AI score 6.5 | EPSS 0.00383
Exploits: 1 | References: 4