363781 matches found
CVE-2026-40754
Unauthenticated PHP Object Injection in Roisin = 1.4 versions...
CVE-2026-40749
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-40723
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
CVE-2026-40735
Unauthenticated PHP Object Injection in Reina = 2.1 versions...
CVE-2026-40725
Unauthenticated PHP Object Injection in WooCommerce Product Filters 2.0.6 versions...
CVE-2026-40726
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-40731
Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...
CVE-2026-40724
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2026-40736
Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...
CVE-2026-40722
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...
CVE-2026-40721
Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...
CVE-2026-39598
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...
CVE-2026-39578
Unauthenticated PHP Object Injection in Valiance = 1.2 versions...
CVE-2026-39589
Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...
CVE-2026-39582
Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...
CVE-2026-39580
Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...
CVE-2026-39597
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
CVE-2026-39595
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-39596
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
CVE-2026-39549
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
CVE-2026-39558
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
CVE-2026-39568
Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...
CVE-2026-39573
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2026-39577
Unauthenticated PHP Object Injection in Playroom = 1.4.1 versions...
CVE-2026-39554
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
CVE-2026-39567
Unauthenticated PHP Object Injection in Santé = 1.5.1 versions...
CVE-2026-39557
Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...
CVE-2026-39537
Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...
CVE-2026-39546
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
CVE-2026-39545
Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...
CVE-2026-39547
Unauthenticated Local File Inclusion in Getaway 1.8 versions...
CVE-2026-39548
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
CVE-2026-39539
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
CVE-2026-39443
Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...
CVE-2026-39433
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
CVE-2026-39438
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-39522
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
CVE-2026-39529
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
CVE-2026-39446
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
CVE-2026-34894
Unauthenticated Local File Inclusion in Integrio Core 1.2.8 versions...
CVE-2026-34888
Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...
CVE-2026-34893
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
CVE-2026-34895
Unauthenticated Local File Inclusion in Softlab Core 1.2.11 versions...
CVE-2026-32966
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-28587
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28575
In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...
CVE-2026-2604
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
CVE-2026-28615
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28576
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...