CVE-2025-69173
CVE-2025-69173 affects the WordPress Tipsy theme (<= 1.1) with unauthenticated Local File Inclusion (LFI). Connected PT entries also list additional WordPress themes with similar LFI issues: Ingenioso (<= 1.14.0) and AirSupply (
CVE-2025-69172
Technical details for CVE-2025-69172 are not provided in the connected documents. The Initial description notes an unauthenticated Local File Inclusion in Resurs theme
CVE-2025-69171
Technical details for CVE-2025-69171 are not provided in the supplied documents. The Initial Description notes an unauthenticated Local File Inclusion in the Orpheus theme ≤1.3, but there are no further specifics (affected versions, impact, or fixes) in the connected materials. Monitor for updates.
CVE-2025-69161
CVE-2025-69161 applies to the WordPress Snowy theme up to version 1.13, with unauthenticated Local File Inclusion. The record lists a CVSSv3.1 base score of 8.1 (HIGH) and an attack vector of NETWORK with high complexity, no privileges, and no user interaction required. The vulnerability is docum...
CVE-2025-69148
Technical details about CVE-2025-69148 (WordPress quirky theme Local File Inclusion) are not provided in the connected documents. Monitor for updates; no vendor/product/version/remediation specifics are disclosed here.
CVE-2025-69138
Technical details about CVE-2025-69138 are not provided in the supplied documents. Please monitor official advisories for affected versions, impact, and remediation.
CVE-2025-69145
Technical details for CVE-2025-69145 (Gat theme LFI) are not publicly provided in the connected documents. No vendor/version specifics or fixes are documented here. Monitor for updates.
CVE-2025-69135
Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.
CVE-2025-69129
CVE-2025-69129 concerns the WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (versions
CVE-2025-69117
CVE-2025-69117 concerns the Ingenioso WordPress theme (versions <= 1.14.0) with an unauthenticated Local File Inclusion (LFI). The connected PT-Security entries corroborate an LFI issue affecting Ingenioso
CVE-2025-69110
The CVE-2025-69110 entry documents an Unauthenticated Local File Inclusion in AirSupply WordPress Theme ≤ 2.0.0. The vulnerability affects the AirSupply theme’s handling of local files (LFI) and is described with CVSS 3.1/HIGH (8.1) metrics, indicating high impact on confidentiality, integrity, a...
CVE-2025-60223
CVE-2025-60223 affects the WordPress plugin WPBot Pro Wordpress Chatbot (versions
CVE-2025-60218
CVE-2025-60218 concerns the WordPress plugin “PT Luxa Addons” (versions
CVE-2025-60205
The CVE-2025-60205 entry concerns WordPress ThemeREX Addons plugin version
CVE-2025-59563
CVE-2025-59563 is a Privilege Escalation vulnerability in the WordPress Sonaar theme, affecting versions up to 4.27.4. The issue is described as an Authenticated (Subscriber+) privilege escalation with CVSS v3.1 base score 8.8 (High). The vulnerability is exploitable with low privileges and no us...
CVE-2025-58954
CVE-2025-58954 affects the WordPress Theme HomeRoofer (
CVE-2025-59560
CVE-2025-59560: Unauthenticated Cross-Site Scripting in WordPress Sonaar theme
CVE-2025-58953
CVE-2025-58953 affects WordPress Joly theme versions
CVE-2025-58952
CVE-2025-58952: Unauthenticated Local File Inclusion in WordPress Neuronet theme prior to 1.14.0. Affected: Neuronet
CVE-2025-49403
CVE-2025-49403 affects Premium Age Verification / Restriction for WordPress (WordPress plugin) versions <= 3.0.2. Unauthenticated Arbitrary File Download is reported; Patchstack notes vulnerability in versions
CVE-2024-52488
CVE-2024-52488 affects WordPress Grip theme (versions ≤ 1.0.9). The issue is an Arbitrary Plugin Activation/Deactivation vulnerability leading to RCE, requiring Subscriber privileges. Patch status is not clearly available in the provided docs; Patchstack indicates high risk with a potential explo...
CVE-2024-49269
CVE-2024-49269 affects the WordPress theme my flatonica <= 0.0.8, with unauthenticated reflected XSS. Affected versions are
CVE-2026-12165
CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions
CVE-2026-12115
The vulnerability CVE-2026-12115 affects the WordPress plugin Counter Box (versions up to 2.0.13). It allows PHP Object Injection via deserialization of untrusted input and requires authenticated access at Administrator+ level. Deserialization occurs automatically during the post-import redirect ...
CVE-2026-47340
CVE-2026-47340 describes an authorization flaw in Apache DolphinScheduler prior to 3.4.2 where authenticated users can access alert instances tied to alert groups they should not access. The issue affects DolphinScheduler versions before 3.4.2; the recommended fix is upgrading to version 3.4...
CVE-2026-32967
The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...
CVE-2026-42357
CVE-2026-42357 describes an Incorrect Authorization vulnerability in Apache DolphinScheduler. The issue allows users to access workflow instance information for projects they should not access. Affected versions are DolphinScheduler
CVE-2026-41280
CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...
CVE-2026-32966
The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...
CVE-2026-40722
CVE-2026-40722: Missing Authorization vulnerability in Yoast SEO Premium for WordPress (plugin
CVE-2026-27869
The CVE-2026-27869 entry concerns the Regesta Smart HD-PLC by Teldat (model TLDPH16D2, 11.02.05.10.02). An attacker on the network can perform a Slow Loris-style attack to cause a Denial of Service on the device’s web interface. The impact is a DoS with network access and low attack complexity; c...
CVE-2026-27870
CVE-2026-27870 affects Regesta Smart HD-PLC (TLDPH16D2: 11.02.05.10.02) from Teldat. An attacker with network access and required registration could inject arbitrary JavaScript by placing an XSS payload into the Hostname field of the configuration file, triggering an XSS in the path /upgrade/quer...
CVE-2026-27868
CVE-2026-27868 concerns the Regesta Smart HD-PLC (TLDPH16D2: 11.02.05.10.02). An attacker with network access to the device could disclose privilege information by calling the Version command through /upgrade/query.php?cmd=p+3&3Bversion, leading to information disclosure. The CVSS metrics indicat...
CVE-2026-0063
CVE-2026-0063 affects the Android framework component PhoneInterfaceManager.java, where a logic error in setAllowedCarriers could disable carrier restrictions, enabling local privilege escalation with no additional privileges and no user interaction required. The issue is cataloged as an Elevatio...
CVE-2026-28587
CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...
CVE-2026-28576
In Android, the Contacts Provider is affected by CVE-2026-28576, caused by a SQL injection in the contacts database access path. This allows local information disclosure without extra execution privileges and without user interaction. The issue is described across CVE entries and ENISA/Android re...
CVE-2026-28615
CVE-2026-28615 affects Telecomm and is described as a permissions bypass that could allow initiating an unauthorized phone call, leading to local elevation of privilege without any additional execution privileges or user interaction. Technical details across sources confirm the vulnerability is l...
CVE-2026-0083
Summary: CVE-2026-0083 describes a possible use-after-free in Nfc::eventCallback() within Nfc.h caused by a race condition, enabling local privilege escalation with no additional privileges and no user interaction required. Connected sources (NVD, EUVD, CIRCL, CVE lists) reproduce the same descri...
CVE-2026-0082
CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...
CVE-2026-12199
CVE-2026-12199 affects the Python package nltk.app.wordnet_app up to v3.9.3. It enables an unauthenticated remote shutdown of the local WordNet Browser HTTP server via an unauthenticated GET request to /SHUTDOWN%20THE%20SERVER, causing the process to terminate with os._exit(0) and resulting in a ...
CVE-2026-0081
CVE-2026-0081 concerns the Android NFC stack. The connected documents indicate a missing permission check in NFC that could allow spoofing an NFC event, enabling local escalation of privilege without any additional execution privileges and without user interaction. The exploitation details are no...
CVE-2026-0071
Summary: CVE-2026-0071 affects SettingsLib where a logic error may skip a permission check, enabling local escalation of privilege with no additional privileges or user interaction required. The vulnerability is described across NVD, ENISA EUVD, CVE records, and PT/security bulletins, all citing ...
CVE-2026-28575
CVE-2026-28575 affects the Android framework in PackageInstaller.Session.transfer (frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java). The issue is described as a logic error causing memory exhaustion that can lead to a local denial of service without requiring...
CVE-2026-0064
CVE-2026-0064 is identified as a DoS vulnerability affecting Android Framework in Android 17 release notes. The issue describes a persistent denial of service due to resource exhaustion that can lead to local denial of service without user interaction. The NVD entry lists a base score of 5.5 (MED...
CVE-2026-0092
The CVE-2026-0092 entry is tied to the Android Package Manager and describes a device lock controller bypass caused by a missing permission check. The underlying issue enables local escalation of privilege with no extra execution privileges and requires no user interaction. The impact is describe...
CVE-2026-8494
CVE-2026-8494 concerns the WordPress plugin Permalink Manager Lite (affected versions up to 2.5.3.3). The issue is a Stored Cross-Site Scripting (XSS) flaw in the admin URI Editor interface, triggered by crafted post titles due to insufficient output escaping. Affected condition requires an attac...
CVE-2026-8607
The CVE concerns the WordPress plugin myCred (Points Management System for Gamification)
CVE-2026-0068
In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...
CVE-2026-10094
CVE-2026-10094 is a path traversal vulnerability in SOLIDWORKS Visualize used with SOLIDWORKS Desktop releases 2024–2026. The underlying flaw permits an attacker to write arbitrary files on the server. Affected product scope is SOLIDWORKS Visualize (with the 2024–2026 desktop releases); no vendor...
CVE-2026-8089
CVE-2026-8089 affects the weMail plugin for WooCommerce (WordPress) prior to version 2.1.3. The issue is a reflected Cross-Site Scripting (XSS) vulnerability caused by not escaping a user-supplied parameter before reflecting it into an HTML attribute in a non-nonce-protected AJAX response. This a...