UBUNTU-CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

CVE-2026-11623

CVE-2026-11623 affects tmux up to 3.6a. The vulnerability lies in the image_free function in image.c, resulting in a use‑after‑free. Exploitation requires local access and is described as high complexity, with public disclosure of exploits. A fix is available in tmux 3.7-rc; patch hash fc6d94a9f8...

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

PT-2026-32121

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zd echo' GET parameter into the HTTP response without proper...

CVE-2026-22473

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

EUVD-2026-9611

Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through = 3.7...

CVE-2026-27338

Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through = 3.7...

CVE-2026-22473

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

PT-2026-23232

Name of the Vulnerable Software and Affected Versions AivahThemes Car Zone versions through 3.7 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...

PT-2026-23205

Name of the Vulnerable Software and Affected Versions Dental Clinic versions through 3.7 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. Recommendations Versions prior to and including 3.7 should be updated...

WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dental Clinic versions = 3.7...

CVE-2026-1614

The CVE-2026-1614 entry concerns Rise Blocks – A Complete Gutenberg Page Builder (WordPress). It describes a Stored Cross-Site Scripting (Stored XSS) vulnerability in the Site Identity block attribute logoTag, exploitable by authenticated attackers with Contributor-level access and above. Affecte...

WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability

WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin = 3.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Rise Blocks versions = 3.7...

PT-2026-21226

Name of the Vulnerable Software and Affected Versions Applay - Shortcodes versions through 3.7 Description A flaw exists in the Applay - Shortcodes application that allows for object injection due to deserialization of untrusted data. This issue impacts the application's functionality related to...

CVE-2023-25030

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7...

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVE-2025-49380

Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

PT-2025-43170

Name of the Vulnerable Software and Affected Versions WooCommerce Vehicle Parts Finder versions through 3.7 Description The WooCommerce Vehicle Parts Finder plugin contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts the...

PT-2025-43178

Name of the Vulnerable Software and Affected Versions WooCommerce Vehicle Parts Finder versions through 3.7 Description The WooCommerce Vehicle Parts Finder component contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting XSS...