363816 matches found
CVE-2026-54193
Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...
CVE-2026-54417
An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...
CVE-2026-54809
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...
CVE-2026-52716
Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...
CVE-2026-52707
Unauthenticated Local File Inclusion in Kastell = 2.0 versions...
CVE-2026-49268
A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...
CVE-2026-49108
Unauthenticated PHP Object Injection in Moderno 1.43 versions...
CVE-2026-40752
Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...
CVE-2026-40738
Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...
CVE-2026-40756
Unauthenticated PHP Object Injection in Zoya = 1.4 versions...
CVE-2026-40733
Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...
CVE-2026-40757
Unauthenticated PHP Object Injection in Château = 1.2.1 versions...
CVE-2026-39559
Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...
CVE-2026-39590
Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...
CVE-2026-39576
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
CVE-2026-39556
Unauthenticated PHP Object Injection in Konsept = 1.9 versions...
CVE-2026-39560
Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...
CVE-2026-40720
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
CVE-2026-39442
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
CVE-2026-39445
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
CVE-2026-39523
Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...
CVE-2026-10641
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
CVE-2025-69170
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
CVE-2025-69174
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
CVE-2025-69166
Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...
CVE-2025-69175
Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...
CVE-2025-69189
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...
CVE-2025-69164
Unauthenticated Local File Inclusion in Skyward = 1.10 versions...
CVE-2025-69140
Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...
CVE-2025-69144
Unauthenticated Local File Inclusion in Preservation = 1.10 versions...
CVE-2025-69158
Unauthenticated Local File Inclusion in Granola = 1.13 versions...
CVE-2025-69157
Unauthenticated Local File Inclusion in Gamic = 1.15 versions...
CVE-2025-69127
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
CVE-2025-69126
Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...
CVE-2025-69130
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...
CVE-2025-69128
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...
CVE-2025-69111
Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...
CVE-2025-69123
Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...
CVE-2025-69120
Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...
CVE-2025-69115
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...
CVE-2025-60230
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...
CVE-2025-68524
Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...
CVE-2025-66391
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...
CVE-2025-60231
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...
CVE-2025-60236
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...
CVE-2025-69106
Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...
CVE-2025-59554
Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...
CVE-2025-60229
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...
CVE-2025-15657
Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...
CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...