π¨ CVE-2026-54806
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
π@cveNotify
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress WP Activity Log Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
π@cveNotify
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
π@cveNotify
Patchstack
Arbitrary File Download in WordPress WP Media folder Addon Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-59554
Unauthenticated SQL Injection in Advanced Ads β Tracking < 3.0.7 versions.
π@cveNotify
Unauthenticated SQL Injection in Advanced Ads β Tracking < 3.0.7 versions.
π@cveNotify
Patchstack
SQL Injection in WordPress Advanced Ads β Tracking Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-60230
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
π@cveNotify
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
π@cveNotify
Patchstack
PHP Object Injection in WordPress The Barber Shop Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69115
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
π@cveNotify
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
π@cveNotify
Patchstack
Local File Inclusion in WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69130
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
π@cveNotify
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress Entrepreneur - Booking for Small Businesses WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69166
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
π@cveNotify
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
π@cveNotify
Patchstack
Local File Inclusion in WordPress Gunslinger Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69189
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects JobBank: from n/a through 1.2.3.
π@cveNotify
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects JobBank: from n/a through 1.2.3.
π@cveNotify
Patchstack
Broken Access Control in WordPress JobBank Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-40757
Unauthenticated PHP Object Injection in ChΓ’teau <= 1.2.1 versions.
π@cveNotify
Unauthenticated PHP Object Injection in ChΓ’teau <= 1.2.1 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress ChΓ’teau Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-49268
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the DN structure used for LDAP bind authentication, potentially bypassing authentication or impersonating other users.
This issue affects all Apache Shiro versions through 2.2.0, and 3.0.0-alpha-1 when using DefaultLdapRealm
Upgrade to Apache Shiro 2.2.1 or 3.0.0-alpha-2 or later, which fixes the issue.
π@cveNotify
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the DN structure used for LDAP bind authentication, potentially bypassing authentication or impersonating other users.
This issue affects all Apache Shiro versions through 2.2.0, and 3.0.0-alpha-1 when using DefaultLdapRealm
Upgrade to Apache Shiro 2.2.1 or 3.0.0-alpha-2 or later, which fixes the issue.
π@cveNotify
π¨ CVE-2026-52716
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
π@cveNotify
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
π@cveNotify
Patchstack
Arbitrary File Deletion in WordPress WorkScout-Core Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-54193
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
π@cveNotify
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
π@cveNotify
Patchstack
Arbitrary File Deletion in WordPress Fusion Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-54417
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.
π@cveNotify
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.
π@cveNotify
GitHub
GitHub - rxi/microtar: A lightweight tar library written in ANSI C
A lightweight tar library written in ANSI C. Contribute to rxi/microtar development by creating an account on GitHub.
π¨ CVE-2026-54809
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection.
This issue affects GIFT4U: from n/a through 1.0.10.
π@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection.
This issue affects GIFT4U: from n/a through 1.0.10.
π@cveNotify
Patchstack
SQL Injection in WordPress GIFT4U Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.