1471 Total CVEs
842 AI Analyzed
5 CISA KEV
406 Critical
All Vendors
Showing 1-1471 of 1471 CVEs
CVE-2026-9691
Analyzed
9.8
HP Contact Form 7, WPForms, Elementor, Ninja Forms Integration

An unauthenticated PHP Object Injection vulnerability (CWE-502) affects the Integration for ActiveCampaign and various form plugins, potentially allow...

2026-06-16
CVE-2026-9559
Analyzed
9.9
HP files to

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw i...

2026-05-30
CVE-2026-8785
Analyzed
7.3
HP of the

A flaw has been found in projectworlds hospital-management-system-in-php 1

2026-05-18
CVE-2026-8632
Analyzed
7.8
HP Imaging and

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software

2026-05-22
CVE-2026-8365
Analyzed
8.8
HP Blocksy Theme for WordPress

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V...

2026-06-10
CVE-2026-7733
7.3
HP of the

A flaw has been found in funadmin up to 7

2026-05-04
CVE-2026-7654
Analyzed
8.8
HP Admin Columns Plugin

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7

2026-06-07
CVE-2026-7647
8.1
HP is vulnerable

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3

2026-05-02
CVE-2026-7637
Analyzed
9.8
HP is vulnerable

The Boost plugin for WordPress is vulnerable to PHP Object Injection via an untrusted cookie, which may lead to remote code execution if a POP chain e...

2026-05-20
CVE-2026-7632
7.3
HP Multiple Products

A vulnerability was determined in code-projects Online Hospital Management System 1

2026-05-03
CVE-2026-7630
7.3
HP of the

A vulnerability has been found in innocommerce InnoShop up to 0

2026-05-03
CVE-2026-7592
7.3
HP Multiple Products

A weakness has been identified in itsourcecode Courier Management System 1

2026-05-02
CVE-2026-7555
7.3
HP Multiple Products

A vulnerability was identified in itsourcecode Electronic Judging System 1

2026-05-01
CVE-2026-7550
7.3
HP Multiple Products

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1

2026-05-01
CVE-2026-7549
7.3
HP Multiple Products

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1

2026-05-01
CVE-2026-7545
7.3
HP of the

A weakness has been identified in SourceCodester Advanced School Management System 1

2026-05-01
CVE-2026-7515
Analyzed
9.8
HP BetterDocs Pro

The BetterDocs Pro plugin for WordPress contains a Local File Inclusion vulnerability in the doc_style parameter, allowing unauthenticated attackers t...

2026-06-20
CVE-2026-7506
7.3
HP Multiple Products

A vulnerability has been found in SourceCodester Hotel Management System 1

2026-05-01
CVE-2026-7389
7.3
HP Multiple Products

A security vulnerability has been detected in EyouCMS up to 1

2026-05-01
CVE-2026-7273
Analyzed
8.8
HP GS1900-48HPv2

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2

2026-06-16
CVE-2026-7228
7.3
HP Multiple Products

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1

2026-04-29
CVE-2026-7227
7.3
HP Multiple Products

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1

2026-04-29
CVE-2026-7226
7.3
HP Multiple Products

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1

2026-04-29
CVE-2026-7225
7.3
HP Multiple Products

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1

2026-04-29
CVE-2026-7224
7.3
HP Multiple Products

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1

2026-04-29
CVE-2026-7199
7.3
HP Multiple Products

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-28
CVE-2026-7194
7.3
HP Multiple Products

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-28
CVE-2026-7131
7.3
HP Multiple Products

A vulnerability has been found in code-projects Online Lot Reservation System up to 1

2026-04-28
CVE-2026-7130
7.3
HP Multiple Products

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-28
CVE-2026-7128
7.3
HP Multiple Products

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-28
CVE-2026-7127
7.3
HP Multiple Products

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-28
CVE-2026-7126
7.3
HP Multiple Products

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-28
CVE-2026-7088
Analyzed
7.3
HP Pharmacy Sales and Inventory System

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-27
CVE-2026-7087
Analyzed
7.3
HP Pharmacy Sales and Inventory System

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-27
CVE-2026-7077
Analyzed
7.3
HP Courier Management System

A vulnerability was identified in itsourcecode Courier Management System 1

2026-04-27
CVE-2026-7076
Analyzed
7.3
HP Courier Management System

A vulnerability was determined in itsourcecode Courier Management System 1

2026-04-27
CVE-2026-7075
Analyzed
7.3
HP Construction Management System

A vulnerability was found in itsourcecode Construction Management System 1

2026-04-27
CVE-2026-7074
Analyzed
7.3
HP Construction Management System

A vulnerability has been found in itsourcecode Construction Management System 1

2026-04-27
CVE-2026-7073
Analyzed
7.3
HP Construction Management System

A flaw has been found in itsourcecode Construction Management System 1

2026-04-27
CVE-2026-7072
Analyzed
7.3
HP canteen_management_system

A vulnerability was detected in CodePanda Source canteen_management_system 1

2026-04-27
CVE-2026-7063
7.3
HP of the

A vulnerability was detected in code-projects Employee Management System 1

2026-04-27
CVE-2026-7025
7.3
HP of the

A vulnerability was found in Typecho up to 1

2026-04-26
CVE-2026-7002
7.3
HP of the

A vulnerability was determined in KLiK SocialMediaWebsite up to 1

2026-04-26
CVE-2026-6602
7.3
HP Multiple Products

A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4

2026-04-20
CVE-2026-6595
7.3
HP of the

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59

2026-04-20
CVE-2026-6569
7.3
HP of the

A vulnerability was identified in kodcloud KodExplorer up to 4

2026-04-20
CVE-2026-6568
7.3
HP of the

A vulnerability was determined in kodcloud KodExplorer up to 4

2026-04-20
CVE-2026-6490
7.3
HP of the

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593

2026-04-18
CVE-2026-6433
7.3
HP plugin through

The Custom css-js-php WordPress plugin through 2

2026-05-12
CVE-2026-6279
Analyzed
9.8
HP is vulnerable

The Avada Builder plugin for WordPress is vulnerable to unauthenticated remote code execution via PHP function injection in the `fusion_get_widget_mar...

2026-05-21
CVE-2026-6257
Analyzed
9.1
HP directives that

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file ren...

2026-04-21
CVE-2026-6249
8.8
HP webshell with

Vvveb CMS 1

2026-04-21
CVE-2026-6211
Analyzed
8.7
HP WEOLL

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc

2026-06-13
CVE-2026-6193
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1

2026-04-14
CVE-2026-6189
7.3
HP Multiple Products

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-14
CVE-2026-6188
7.3
HP Multiple Products

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-14
CVE-2026-6187
7.3
HP Multiple Products

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1

2026-04-14
CVE-2026-6183
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Simple Content Management System 1

2026-04-14
CVE-2026-6182
7.3
HP Multiple Products

A vulnerability was identified in code-projects Simple Content Management System 1

2026-04-14
CVE-2026-6167
7.3
HP Multiple Products

A vulnerability was detected in code-projects Faculty Management System 1

2026-04-13
CVE-2026-6166
7.3
HP Multiple Products

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6165
7.3
HP Multiple Products

A weakness has been identified in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6164
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Lost and Found Thing Management 1

2026-04-13
CVE-2026-6163
7.3
HP Multiple Products

A vulnerability was identified in code-projects Lost and Found Thing Management 1

2026-04-13
CVE-2026-6161
7.3
HP of the

A vulnerability was determined in code-projects Simple ChatBox up to 1

2026-04-13
CVE-2026-6153
7.3
HP Multiple Products

A vulnerability was identified in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6152
7.3
HP Multiple Products

A vulnerability was determined in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6151
7.3
HP Multiple Products

A vulnerability was found in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6149
Analyzed
7.3
HP Vehicle Showroom Management System

A flaw has been found in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6148
Analyzed
7.3
HP Vehicle Showroom Management System

A vulnerability was detected in code-projects Vehicle Showroom Management System 1

2026-04-13
CVE-2026-6038
7.3
HP Multiple Products

A vulnerability was identified in code-projects Vehicle Showroom Management System 1

2026-04-12
CVE-2026-6037
7.3
HP Multiple Products

A vulnerability was determined in code-projects Vehicle Showroom Management System 1

2026-04-12
CVE-2026-6036
7.3
HP Multiple Products

A vulnerability was found in code-projects Vehicle Showroom Management System 1

2026-04-12
CVE-2026-58455
Analyzed
9.8
HP dockwatch

Dockwatch is vulnerable to unauthenticated OS command injection via improper session handling and unsanitized input in the composePath parameter.

2026-07-03
CVE-2026-58226
Analyzed
8.7
HP HPAX

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding

2026-07-07
CVE-2026-57995
Analyzed
8.8
HP phpMyFAQ

phpMyFAQ before 4

2026-07-01
CVE-2026-57677
Analyzed
9.8
HP Payment Gateway for WooCommerce

An unauthenticated PHP object injection vulnerability exists in the Novalnet Payment Gateway for WooCommerce plugin, allowing potential remote code ex...

2026-07-03
CVE-2026-57621
Analyzed
9.8
HP Booktics

An unauthenticated PHP object injection vulnerability in the Booktics plugin allows remote attackers to execute arbitrary code on affected systems.

2026-07-03
CVE-2026-57517
Analyzed
9.8
HP Control Web Panel

Control Web Panel is vulnerable to unauthenticated blind SQL injection, allowing remote attackers to achieve remote code execution via arbitrary file...

2026-07-02
CVE-2026-56700
Analyzed
9.8
HP Grav CMS

Grav CMS is vulnerable to remote code execution via insecure PHP object deserialization, OS command injection, and server-side template injection.

2026-07-01
CVE-2026-5648
7.3
HP of the

A flaw has been found in code-projects Simple Laundry System 1

2026-04-06
CVE-2026-5646
Analyzed
7.3
HP Easy Blog Site

A security vulnerability has been detected in code-projects Easy Blog Site 1

2026-04-06
CVE-2026-5645
7.3
HP of the

A weakness has been identified in projectworlds Car Rental System 1

2026-04-06
CVE-2026-5642
7.3
HP of the

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f

2026-04-06
CVE-2026-56396
Analyzed
8.8
HP phpMyFAQ

phpMyFAQ before 4

2026-06-22
CVE-2026-5637
7.3
HP of the

A security vulnerability has been detected in projectworlds Car Rental System 1

2026-04-06
CVE-2026-5634
7.3
HP of the

A vulnerability was identified in projectworlds Car Rental Project 1

2026-04-06
CVE-2026-56124
Analyzed
7.5
HP phpUploader

phpUploader before 2

2026-06-30
CVE-2026-56057
Analyzed
9.8
HP Uncanny Automator Pro

A PHP Object Injection vulnerability in Uncanny Automator Pro allows attackers to execute arbitrary code via malicious serialized input.

2026-06-27
CVE-2026-56055
Analyzed
8.8
HP RealHomes

Subscriber PHP Object Injection in RealHomes <= 4

2026-06-27
CVE-2026-56053
Analyzed
8.8
HP EventPrime

Subscriber PHP Object Injection in EventPrime <= 4

2026-06-26
CVE-2026-56032
Analyzed
9.8
HP Buddyboss Platform

A PHP Object Injection vulnerability exists in the Buddyboss Platform plugin that may allow unauthenticated or low-privileged attackers to execute arb...

2026-06-27
CVE-2026-56031
Analyzed
8.1
HP Automator

Unauthenticated PHP Object Injection in Uncanny Automator <= 7

2026-06-27
CVE-2026-5575
7.3
HP of the

A vulnerability was detected in SourceCodester/jkev Record Management System 1

2026-04-06
CVE-2026-5565
7.3
HP of the

A security vulnerability has been detected in code-projects Simple Laundry System 1

2026-04-06
CVE-2026-55574
Analyzed
8.7
HP vLLM

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs

2026-07-07
CVE-2026-5555
7.3
HP of the

A weakness has been identified in code-projects Concert Ticket Reservation System 1

2026-04-06
CVE-2026-5551
7.3
HP of the

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1

2026-04-06
CVE-2026-5540
7.3
HP of the

A vulnerability has been found in code-projects Simple Laundry System 1

2026-04-05
CVE-2026-5534
Analyzed
7.3
HP Online Enrollment System

A vulnerability was identified in itsourcecode Online Enrollment System 1

2026-04-05
CVE-2026-54823
Analyzed
9.9
HP Widget Options

A critical vulnerability in the MarketingFire Widget Options plugin allows contributor-level users to execute arbitrary code on the server.

2026-06-26
CVE-2026-54414
Analyzed
9.8
HP FileRise

FileRise is vulnerable to path traversal via the shared-folder upload endpoint, allowing an attacker with a valid upload link to overwrite system file...

2026-06-20
CVE-2026-54234
Analyzed
7.5
HP vLLM

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs

2026-07-07
CVE-2026-54133
Analyzed
9.8
HP jmespath.php

The jmespath.php library fails to sanitize input when using the compiler runtime, allowing for remote code execution via crafted JMESPath expressions.

2026-06-13
CVE-2026-53787
Analyzed
9.8
HP Order Attributes for Magento 2

Amasty Order Attributes for Magento 2 contains an unauthenticated arbitrary file upload vulnerability allowing remote code execution.

2026-06-13
CVE-2026-53690
Analyzed
9.3
HP Redeight CMS

An SQL injection vulnerability in Redeight CMS allows unauthenticated remote attackers to execute arbitrary SQL commands via the "userEmail" parameter...

2026-07-01
CVE-2026-5368
Analyzed
7.3
HP of the

A vulnerability was determined in projectworlds Car Rental Project 1

2026-04-04
CVE-2026-5334
Analyzed
7.3
HP Online Enrollment System 1

A weakness has been identified in itsourcecode Online Enrollment System 1

2026-04-04
CVE-2026-5333
Analyzed
7.3
HP Content-Management-System 1

A security flaw has been discovered in DefaultFuction Content-Management-System 1

2026-04-04
CVE-2026-52778
Analyzed
9.8
HP YesWiki

YesWiki is vulnerable to an unsafe execution flaw in the Bazar form field calculator, allowing potential arbitrary PHP code execution and ReDoS attack...

2026-06-09
CVE-2026-5257
7.3
HP of the

A vulnerability has been found in code-projects Simple Laundry System 1

2026-04-01
CVE-2026-5256
7.3
HP of the

A flaw has been found in code-projects Simple Laundry System 1

2026-04-01
CVE-2026-5238
7.3
HP of the

A weakness has been identified in itsourcecode Payroll Management System 1

2026-04-01
CVE-2026-5237
7.3
HP of the

A security flaw has been discovered in itsourcecode Payroll Management System 1

2026-04-01
CVE-2026-5198
7.3
HP of the

A vulnerability was determined in code-projects Student Membership System 1

2026-04-01
CVE-2026-5180
7.3
HP Multiple Products

A flaw has been found in SourceCodester Simple Doctors Appointment System 1

2026-03-31
CVE-2026-5179
7.3
HP Multiple Products

A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1

2026-03-31
CVE-2026-5150
7.3
HP of the

A security vulnerability has been detected in code-projects Accounting System 1

2026-03-31
CVE-2026-5035
7.3
HP of the

A vulnerability has been found in code-projects Accounting System 1

2026-03-29
CVE-2026-5034
7.3
HP of the

A flaw has been found in code-projects Accounting System 1

2026-03-29
CVE-2026-5033
7.3
HP of the

A vulnerability was detected in code-projects Accounting System 1

2026-03-29
CVE-2026-5019
7.3
HP of the

A security vulnerability has been detected in code-projects Simple Food Order System 1

2026-03-29
CVE-2026-5018
7.3
HP of the

A weakness has been identified in code-projects Simple Food Order System 1

2026-03-29
CVE-2026-5017
7.3
HP of the

A security flaw has been discovered in code-projects Simple Food Order System 1

2026-03-29
CVE-2026-49781
Analyzed
9.8
HP OttoKit

An unauthenticated PHP Object Injection vulnerability exists in the OttoKit component of the SureTriggers WordPress plugin, potentially leading to rem...

2026-06-16
CVE-2026-49770
Analyzed
9.8
HP WP Travel Engine

The WP Travel Engine plugin for WordPress contains an unauthenticated PHP Object Injection vulnerability, which could be exploited to compromise the s...

2026-06-16
CVE-2026-49769
Analyzed
9.8
HP wpForo Forum

The wpForo Forum plugin for WordPress is vulnerable to unauthenticated PHP Object Injection, enabling potential remote code execution via untrusted in...

2026-06-16
CVE-2026-49768
Analyzed
9.8
HP Happyforms

The Happyforms plugin for WordPress is susceptible to unauthenticated PHP Object Injection, which could allow attackers to execute arbitrary code or r...

2026-06-16
CVE-2026-49765
Analyzed
9.8
HP Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms

The Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress suffers from unauthenticated PHP Object Injecti...

2026-06-16
CVE-2026-49763
Analyzed
9.8
HP Integration for Contact Form 7 HubSpot

The Integration for Contact Form 7 HubSpot plugin for WordPress is vulnerable to unauthenticated PHP Object Injection, potentially allowing remote cod...

2026-06-16
CVE-2026-49489
Analyzed
8.5
HP to perform

OpenCATS through 0

2026-06-01
CVE-2026-49286
Analyzed
8.1
HP PhpWeasyPrint

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page

2026-06-21
CVE-2026-49260
Analyzed
8.2
HP PhpWeasyPrint

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page

2026-06-21
CVE-2026-49109
Analyzed
9.8
HP Integration for Salesforce

An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Salesforce allows remote attackers to achieve arbitrary code ex...

2026-06-16
CVE-2026-49106
Analyzed
9.8
HP Integration for Contact Form 7 and Constant Contact

An unauthenticated PHP Object Injection vulnerability exists in the CRM Perks Integration for Contact Form 7 and Constant Contact, enabling potential...

2026-06-16
CVE-2026-49105
Analyzed
9.8
HP WP Zendesk

An unauthenticated PHP Object Injection vulnerability in the WP Zendesk integration for WordPress allows attackers to execute arbitrary code via deser...

2026-06-16
CVE-2026-49104
Analyzed
9.8
HP Integration for Keap/infusionsoft

An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Keap/infusionsoft allows remote attackers to perform deserializ...

2026-06-16
CVE-2026-49085
Analyzed
9.8
HP WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

An unauthenticated PHP Object Injection vulnerability exists in the WP Insightly integration plugin for various WordPress form builders, allowing pote...

2026-06-16
CVE-2026-48527
Analyzed
8.7
HP or NodeJs

HAX CMS helps manage microsite universe with PHP or NodeJs backends

2026-05-30
CVE-2026-48505
Analyzed
7.4
HP Filament

Filament is a collection of full-stack components for accelerated Laravel development

2026-06-23
CVE-2026-48242
Analyzed
8.1
HP Multiple Products

Open ISES Tickets before 3

2026-05-22
CVE-2026-48241
Analyzed
8.1
HP Multiple Products

Open ISES Tickets before 3

2026-05-22
CVE-2026-48240
Analyzed
7.1
HP Unknown

Open ISES Tickets before 3

2026-05-23
CVE-2026-48239
Analyzed
7.1
HP Unknown

Open ISES Tickets before 3

2026-05-23
CVE-2026-48238
Analyzed
7.1
HP Unknown

Open ISES Tickets before 3

2026-05-23
CVE-2026-48237
Analyzed
7.1
HP Unknown

Open ISES Tickets before 3

2026-05-23
CVE-2026-48234
Analyzed
7.1
HP where the

Open ISES Tickets before 3

2026-05-22
CVE-2026-48233
Analyzed
7.1
HP where the

Open ISES Tickets before 3

2026-05-22
CVE-2026-48232
Analyzed
7.1
HP where the

Open ISES Tickets before 3

2026-05-22
CVE-2026-48231
Analyzed
7.1
HP where the

Open ISES Tickets before 3

2026-05-22
CVE-2026-4815
8.8
HP Multiple Products

A SQL Injection vulnerability has been found in Support Board v3

2026-03-27
CVE-2026-4809
Analyzed
9.8
HP code while

Plank laravel-mediable through version 6.4.0 allows for arbitrary file upload and remote code execution by trusting client-supplied MIME types during...

2026-03-27
CVE-2026-46491
Analyzed
8.6
HP casserver

SimpleSAMLphp-casserver is a CAS 1

2026-06-11
CVE-2026-46367
Analyzed
7.6
HP Multiple Products

phpMyFAQ before 4

2026-05-16
CVE-2026-46366
Analyzed
7.5
HP Multiple Products

phpMyFAQ before 4

2026-05-17
CVE-2026-46364
Analyzed
9.8
HP phpMyFAQ

phpMyFAQ contains an unauthenticated SQL injection vulnerability in its captcha handling methods, allowing attackers to extract sensitive database inf...

2026-05-16
CVE-2026-46359
Analyzed
7.5
HP Multiple Products

phpMyFAQ before 4

2026-05-17
CVE-2026-4623
7.3
HP of the

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36...

2026-03-24
CVE-2026-4617
7.3
HP of the

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1

2026-03-24
CVE-2026-4612
7.3
HP Multiple Products

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1

2026-03-24
CVE-2026-4581
7.3
HP of the

A weakness has been identified in code-projects Simple Laundry System 1

2026-03-24
CVE-2026-4580
7.3
HP of the

A security flaw has been discovered in code-projects Simple Laundry System 1

2026-03-24
CVE-2026-4579
7.3
HP of the

A vulnerability was identified in code-projects Simple Laundry System 1

2026-03-23
CVE-2026-4562
7.3
HP of the

A security flaw has been discovered in MacCMS 2025

2026-03-23
CVE-2026-45578
Analyzed
8.8
HP builds an

WWBN AVideo is an open source video platform

2026-05-30
CVE-2026-45444
Analyzed
10
HP Gift Cards For WooCommerce Pro

The WP Swings Gift Cards For WooCommerce Pro plugin allows unauthenticated users to upload malicious files, leading to potential site compromise.

2026-05-21
CVE-2026-4540
7.3
HP of the

A vulnerability was detected in projectworlds Online Notes Sharing System 1

2026-03-22
CVE-2026-4529
Analyzed
8.8
HP Multiple Products

A vulnerability was identified in D-Link DHP-1320 1

2026-03-22
CVE-2026-45247
KEV Analyzed
9.8
HP Full Page Cache Warmer for Magento 2

Mirasvit Full Page Cache Warmer for Magento 2 contains a PHP object injection vulnerability allowing unauthenticated RCE via the CacheWarmer cookie.

2026-05-27
CVE-2026-4508
7.3
HP of the

A vulnerability was identified in PbootCMS up to 3

2026-03-22
CVE-2026-45060
Analyzed
9.8
HP ClipBucket

The ClipBucket video sharing platform is vulnerable to unauthenticated blind SQL injection, allowing attackers to execute unauthorized database querie...

2026-06-12
CVE-2026-45010
Analyzed
9.1
HP phpMyFAQ

phpMyFAQ lacks rate limiting on its TOTP authentication endpoint, allowing unauthenticated attackers to brute-force two-factor authentication tokens.

2026-05-16
CVE-2026-44548
8.1
HP causes

ChurchCRM is an open-source church management system

2026-05-13
CVE-2026-44547
Analyzed
9.6
HP by an

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged an...

2026-05-13
CVE-2026-44262
Analyzed
9.4
HP code in

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and vali...

2026-05-13
CVE-2026-43884
7.7
HP and objects

WWBN AVideo is an open source video platform

2026-05-12
CVE-2026-43874
7.2
HP Multiple Products

WWBN AVideo is an open source video platform

2026-05-12
CVE-2026-43633
Analyzed
10
HP and Node

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch betwee...

2026-05-20
CVE-2026-4319
7.3
HP Multiple Products

A vulnerability was identified in code-projects Simple Food Order System 1

2026-03-19
CVE-2026-42748
Analyzed
9.9
HP Woo Czech

An unrestricted file upload vulnerability in the WPify Woo Czech plugin allows unauthenticated attackers to upload and execute a web shell on the serv...

2026-05-28
CVE-2026-42687
Analyzed
8.1
HP EventPrime

Unauthenticated PHP Object Injection in EventPrime <= 4

2026-06-16
CVE-2026-42607
Analyzed
9.1
HP Grav CMS

Grav CMS allows authenticated administrators to achieve Remote Code Execution (RCE) by uploading malicious ZIP files via the "Direct Install" tool.

2026-05-12
CVE-2026-42605
Analyzed
8.8
HP webshell to

AzuraCast is a self-hosted, all-in-one web radio management suite

2026-05-10
CVE-2026-42569
Analyzed
9.4
HP application to

A critical vulnerability in phpVMS allows unauthenticated access to a legacy import feature, potentially exposing application data or functionality.

2026-05-10
CVE-2026-42562
Analyzed
8.3
HP Multiple Products

Plainpad is a self hosted note taking app

2026-05-10
CVE-2026-42550
8.8
HP Multiple Products

Flight is an extensible micro-framework for PHP

2026-05-14
CVE-2026-42473
Analyzed
9.8
HP Framework

The MixPHP Framework is vulnerable to unsafe deserialization of session and cache data stored on the filesystem, potentially allowing remote code exec...

2026-05-02
CVE-2026-42472
Analyzed
9.8
HP Framework

The MixPHP Framework is vulnerable to unsafe deserialization of session and cache data stored in Redis, potentially allowing remote code execution.

2026-05-02
CVE-2026-42471
8.1
HP Framework

Unsafe deserialization vulnerability in MixPHP Framework 2

2026-05-02
CVE-2026-4237
7.3
HP Multiple Products

A flaw has been found in itsourcecode Free Hotel Reservation System 1

2026-03-17
CVE-2026-4235
7.3
HP Multiple Products

A weakness has been identified in itsourcecode Online Enrollment System 1

2026-03-17
CVE-2026-42341
Analyzed
9.2
HP FOSSBilling

FOSSBilling contains an unauthenticated payment bypass vulnerability in the IPN callback endpoint, allowing attackers to mark invoices as paid without...

2026-07-07
CVE-2026-42289
8.8
HP processes user

ChurchCRM is an open-source church management system

2026-05-13
CVE-2026-4223
7.3
HP Multiple Products

A vulnerability was identified in itsourcecode Payroll Management System 1

2026-03-17
CVE-2026-42224
7.6
HP projects

ipl/web is a set of common web components for php projects

2026-05-09
CVE-2026-41938
Analyzed
8.8
HP handler

Vvveb before version 1

2026-05-07
CVE-2026-41936
8.1
HP to inject

Vvveb before version 1

2026-05-07
CVE-2026-41934
Analyzed
8.8
HP handler

Vvveb before version 1

2026-05-07
CVE-2026-41930
Analyzed
9.8
HP Vvveb

Vvveb contains hard-coded credentials in its docker-compose-apache.yaml configuration, allowing unauthenticated remote access to the bundled phpMyAdmi...

2026-05-07
CVE-2026-41905
7.7
HP Multiple Products

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework

2026-05-09
CVE-2026-41904
7.6
HP Multiple Products

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework

2026-05-09
CVE-2026-41902
Analyzed
9.1
HP FreeScout

FreeScout contains a flaw in the user-setup endpoint where invite hashes do not expire, allowing unauthenticated attackers to perform permanent accoun...

2026-05-08
CVE-2026-4170
Analyzed
9.8
HP of the

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/managem...

2026-03-17
CVE-2026-41576
7.1
HP Multiple Products

Brave CMS is an open-source CMS

2026-05-10
CVE-2026-41570
7.8
HP INI settings

PHPUnit is a testing framework for PHP

2026-05-09
CVE-2026-41309
8.2
HP Multiple Products

Open Source Social Network (OSSN) is open-source social networking software developed in PHP

2026-04-24
CVE-2026-41229
Analyzed
9.1
HP string literals

An injection vulnerability in Froxlor's `PhpHelper` allows administrators to inject and execute arbitrary PHP code via unescaped string literals.

2026-04-23
CVE-2026-41228
Analyzed
9.9
HP code execution

A path traversal flaw in the Froxlor API allows authenticated customers to execute arbitrary PHP code via the `def_language` parameter.

2026-04-23
CVE-2026-41143
8.8
HP at line

YesWiki is a wiki system written in PHP

2026-05-07
CVE-2026-41064
Analyzed
9.3
HP Multiple Products

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` fo...

2026-04-22
CVE-2026-41060
7.7
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-41056
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-40909
8.7
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-22
CVE-2026-40581
8.1
HP Multiple Products

ChurchCRM is an open-source church management system

2026-04-18
CVE-2026-40569
Analyzed
9
HP Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection...

2026-04-22
CVE-2026-40568
8.5
HP Multiple Products

FreeScout is a free self-hosted help desk and shared mailbox

2026-04-22
CVE-2026-40484
Analyzed
9.1
HP Multiple Products

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive...

2026-04-18
CVE-2026-40285
8.8
HP Multiple Products

WeGIA is a web manager for charitable institutions

2026-04-18
CVE-2026-40261
8.8
HP Multiple Products

Composer is a dependency manager for PHP

2026-04-16
CVE-2026-40176
7.8
HP Multiple Products

Composer is a dependency manager for PHP

2026-04-17
CVE-2026-40044
Analyzed
9.8
HP object payloads

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialize...

2026-04-14
CVE-2026-40040
8.8
HP Multiple Products

Pachno 1

2026-04-14
CVE-2026-4001
Analyzed
9.8
HP is vulnerable

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to unauthenticated Remote Code Execution (RCE) via the PHP eval() functio...

2026-03-24
CVE-2026-39955
Analyzed
9.8
HP Cacti

The Cacti performance management framework is vulnerable to a pre-authentication SQL injection via an improperly validated input parameter in graph_vi...

2026-06-25
CVE-2026-39948
Analyzed
9.3
HP Cacti

An SQL injection vulnerability in Cacti allows unauthenticated attackers to execute arbitrary database commands via the rfilter parameter in graph_vie...

2026-06-25
CVE-2026-39918
Analyzed
9.8
HP configuration file

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized int...

2026-04-21
CVE-2026-39850
Analyzed
7.4
HP application framework

Yii 2 is a PHP application framework

2026-05-22
CVE-2026-39684
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfo...

2026-04-10
CVE-2026-39623
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife al...

2026-04-10
CVE-2026-39532
Analyzed
8.8
HP Events Calendar for GeoDirectory

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2

2026-06-16
CVE-2026-39478
Analyzed
8.8
HP Anti-Malware Security and Brute-Force Firewall

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4

2026-06-16
CVE-2026-39474
Analyzed
8.8
HP Post Duplicator

Contributor PHP Object Injection in Post Duplicator <= 3

2026-06-16
CVE-2026-39384
7.6
HP Multiple Products

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework

2026-04-09
CVE-2026-39369
7.6
HP allowed an

WWBN AVideo is an open source video platform

2026-04-09
CVE-2026-39341
8.1
HP Multiple Products

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39340
8.1
HP Multiple Products

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39339
Analyzed
9.1
HP Multiple Products

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (C...

2026-04-08
CVE-2026-39337
Analyzed
10
HP code during

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's s...

2026-04-08
CVE-2026-39334
8.8
HP in ChurchCRM

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39333
8.7
HP endpoint reflects

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39332
8.7
HP allows any

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39330
8.8
HP in ChurchCRM

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39329
8.8
HP in ChurchCRM

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39327
8.8
HP in ChurchCRM

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39326
8.8
HP in ChurchCRM

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39323
8.8
HP where the

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39319
8.8
HP in ChurchCRM

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39318
8.8
HP file contains

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39317
8.8
HP where user

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-39111
7.5
HP Multiple Products

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1

2026-04-21
CVE-2026-39110
8.2
HP Multiple Products

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1

2026-04-21
CVE-2026-39109
Analyzed
9.4
HP Multiple Products

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the log...

2026-04-21
CVE-2026-38991
8.8
HP file extension

Cockpit 2

2026-04-30
CVE-2026-38934
8.8
HP Multiple Products

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v

2026-04-28
CVE-2026-38751
7.2
HP Multiple Products

OpenSTAManager version 2

2026-05-06
CVE-2026-38581
Analyzed
9.8
HP thaipalliative_lte

A SQL injection vulnerability in thaipalliative_lte allows remote attackers to execute arbitrary SQL commands via unsanitized input in the idFormMain...

2026-06-12
CVE-2026-38532
8.1
HP endpoint of

A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController

2026-04-15
CVE-2026-38530
8.1
HP endpoint of

A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController

2026-04-15
CVE-2026-38529
8.8
HP endpoint of

A Broken Object-Level Authorization (BOLA) in the /Settings/UserController

2026-04-15
CVE-2026-38526
Analyzed
9.9
HP file

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arb...

2026-04-15
CVE-2026-3843
Analyzed
9.8
HP contains

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration...

2026-03-11
CVE-2026-3839
7.3
HP file

Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability

2026-03-17
CVE-2026-3838
8.8
HP file

Unraid Update Request Path Traversal Remote Code Execution Vulnerability

2026-03-17
CVE-2026-37749
Analyzed
9.8
HP Multiple Products

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication v...

2026-04-18
CVE-2026-37709
Analyzed
9.8
HP component

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to e...

2026-05-08
CVE-2026-3765
7.3
HP Multiple Products

A vulnerability was identified in itsourcecode University Management System 1

2026-03-09
CVE-2026-3764
Analyzed
7.3
HP Client Database Management System

A vulnerability was determined in SourceCodester Client Database Management System 1

2026-03-09
CVE-2026-37637
Analyzed
9.1
HP filemanager

A critical remote code execution vulnerability exists in the filemanager.php component of Alexantr filemanager v.1.0, allowing unauthenticated attacke...

2026-06-30
CVE-2026-3762
7.3
HP of the

A vulnerability has been found in SourceCodester Client Database Management System 1

2026-03-09
CVE-2026-3760
7.3
HP Multiple Products

A vulnerability was detected in itsourcecode University Management System 1

2026-03-09
CVE-2026-3759
7.3
HP Multiple Products

A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1

2026-03-09
CVE-2026-3758
Analyzed
7.3
HP Online Art Gallery Shop

A weakness has been identified in projectworlds Online Art Gallery Shop 1

2026-03-09
CVE-2026-37552
8.4
HP Framework

Unsafe deserialization vulnerability in MixPHP Framework 2

2026-05-02
CVE-2026-3747
Analyzed
7.3
HP University Management System

A vulnerability was identified in itsourcecode University Management System 1

2026-03-09
CVE-2026-3746
Analyzed
7.3
HP Simple Responsive Tourism Website

A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1

2026-03-09
CVE-2026-3744
Analyzed
7.3
HP Student Web Portal

A vulnerability has been found in code-projects Student Web Portal 1

2026-03-09
CVE-2026-37431
Analyzed
9.8
HP endpoint

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.p...

2026-05-09
CVE-2026-37347
Analyzed
9.1
HP Payroll Management and Information System

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL injection via the 'view_employee.php' file.

2026-04-17
CVE-2026-37345
Analyzed
9.8
HP Vehicle Parking Area Management System

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL injection via the 'manage_park.php' file.

2026-04-17
CVE-2026-37344
7.2
HP Multiple Products

SourceCodester Vehicle Parking Area Management System v1

2026-04-18
CVE-2026-37343
7.2
HP Multiple Products

SourceCodester Vehicle Parking Area Management System v1

2026-04-18
CVE-2026-37342
7.2
HP Multiple Products

SourceCodester Vehicle Parking Area Management System v1

2026-04-18
CVE-2026-37341
7.2
HP Multiple Products

SourceCodester Vehicle Parking Area Management System v1

2026-04-18
CVE-2026-3734
7.3
HP of the

A flaw has been found in SourceCodester Client Database Management System 1

2026-03-09
CVE-2026-37338
Analyzed
9.4
HP Simple Music Cloud Community System

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL injection via the 'view_user.php' file.

2026-04-17
CVE-2026-37337
7.3
HP Multiple Products

SourceCodester Simple Music Cloud Community System v1

2026-04-17
CVE-2026-37336
7.3
HP Multiple Products

SourceCodester Simple Music Cloud Community System v1

2026-04-17
CVE-2026-3730
Analyzed
7.3
HP Free Hotel Reservation System

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1

2026-03-09
CVE-2026-3723
Analyzed
7.3
HP Simple Flight Ticket Booking System

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1

2026-03-09
CVE-2026-3709
Analyzed
7.3
HP Multiple Products

A weakness has been identified in code-projects Simple Flight Ticket Booking System 1

2026-03-08
CVE-2026-3708
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1

2026-03-08
CVE-2026-35676
Analyzed
8.2
HP Multiple Products

phpMyFAQ before 4

2026-05-29
CVE-2026-35675
Analyzed
8.2
HP Multiple Products

phpMyFAQ before 4

2026-05-29
CVE-2026-35671
Analyzed
8.8
HP Multiple Products

phpMyFAQ before 4

2026-05-29
CVE-2026-35570
8.4
HP Multiple Products

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers

2026-04-21
CVE-2026-35567
8.8
HP is used

ChurchCRM is an open-source church management system

2026-04-08
CVE-2026-35534
7.6
HP due to

ChurchCRM is an open-source church management system

2026-04-09
CVE-2026-35470
8.8
HP files across

OpenSTAManager is an open source management software for technical assistance and invoicing

2026-04-07
CVE-2026-35395
8.8
HP Multiple Products

WeGIA is a Web manager for charitable institutions

2026-04-07
CVE-2026-35196
8.8
HP endpoint within

Chamilo LMS is an open-source learning management system

2026-04-15
CVE-2026-35182
8.8
HP Multiple Products

Brave CMS is an open-source CMS

2026-04-07
CVE-2026-35174
Analyzed
9.1
HP with database

A path traversal vulnerability in the Chyrp Lite administration console allows authenticated users to access arbitrary files and achieve remote code e...

2026-04-07
CVE-2026-35164
8.8
HP within the

Brave CMS is an open-source CMS

2026-04-07
CVE-2026-34965
8.8
HP code into

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticat...

2026-04-30
CVE-2026-34731
7.5
HP endpoint in

WWBN AVideo is an open source video platform

2026-04-01
CVE-2026-34728
Analyzed
8.7
HP Multiple Products

phpMyFAQ is an open source FAQ web application

2026-04-03
CVE-2026-3452
7.2
HP object injection

Concrete CMS below version 9

2026-03-05
CVE-2026-34415
Analyzed
9.8
HP code

Xerte Online Toolkits 3.15 and earlier allow unauthenticated attackers to upload and execute malicious PHP code via an elFinder connector flaw.

2026-04-23
CVE-2026-34414
7.1
HP where the

Xerte Online Toolkits versions 3

2026-04-24
CVE-2026-34413
8.6
HP where an

Xerte Online Toolkits versions 3

2026-04-23
CVE-2026-34402
8.1
HP endpoint to

ChurchCRM is an open-source church management system

2026-04-07
CVE-2026-34394
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-04-01
CVE-2026-34375
8.2
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-28
CVE-2026-34236
8.2
HP is

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs

2026-04-02
CVE-2026-34234
Analyzed
10
HP CtrlPanel

CtrlPanel contains an unauthenticated Remote Code Execution (RCE) vulnerability in its web-based installer, allowing attackers to execute arbitrary co...

2026-05-20
CVE-2026-34160
8.6
HP is accessible

Chamilo LMS is an open-source learning management system

2026-04-15
CVE-2026-3413
Analyzed
7.3
HP University Management System

A flaw has been found in itsourcecode University Management System 1

2026-03-02
CVE-2026-34117
Analyzed
9.8
HP language-system

A critical OS command injection vulnerability exists in the text_to_subtitles.php script of the Guardian language-system, allowing unauthenticated rem...

2026-07-02
CVE-2026-34116
Analyzed
9.8
HP language-system

A critical OS command injection vulnerability exists in the transcribe.php script of the Guardian language-system, allowing unauthenticated remote cod...

2026-07-02
CVE-2026-34115
Analyzed
9.8
HP Language-system

An unauthenticated command injection vulnerability exists in the transcribe_amazon.php file of the Guardian language-system due to improper sanitizati...

2026-07-02
CVE-2026-34114
Analyzed
9.8
HP Language-system

An unauthenticated command injection vulnerability exists in the translate_text.php file of the Guardian language-system due to improper sanitization...

2026-07-02
CVE-2026-34113
Analyzed
9.8
HP Language-system

An unauthenticated command injection vulnerability exists in the speech_text.php file of the Guardian language-system due to improper sanitization of...

2026-07-02
CVE-2026-34112
Analyzed
9.8
HP Language-System

An unauthenticated command injection vulnerability in speechmac.php allows remote attackers to execute arbitrary OS commands via the 'id' parameter.

2026-07-02
CVE-2026-34111
Analyzed
9.8
HP Language-System

An unauthenticated command injection vulnerability in speechmac_text.php allows remote attackers to execute arbitrary OS commands via the 'id' paramet...

2026-07-02
CVE-2026-34110
Analyzed
9.8
HP Language-System

An unauthenticated command injection vulnerability in complex_start.php allows remote attackers to execute arbitrary OS commands via the 'id' paramete...

2026-07-02
CVE-2026-3411
Analyzed
7.3
HP University Management System

A security vulnerability has been detected in itsourcecode University Management System 1

2026-03-02
CVE-2026-34109
Analyzed
9.8
HP Language-system

The Guardian language-system is vulnerable to unauthenticated remote code execution due to improper sanitization of the 'id' parameter in speech.php.

2026-07-02
CVE-2026-34108
Analyzed
9.8
HP Language-system

The Guardian language-system is vulnerable to unauthenticated remote code execution due to improper sanitization of the 'id' parameter in text.php.

2026-07-02
CVE-2026-34107
Analyzed
9.8
HP language-system

An unauthenticated remote command injection vulnerability exists in the language-system translate.php script, allowing attackers to execute arbitrary...

2026-07-02
CVE-2026-34106
Analyzed
9.8
HP language-system

A critical OS command injection vulnerability exists in the subtitles.php script of the Guardian language-system, allowing unauthenticated remote code...

2026-07-02
CVE-2026-34105
Analyzed
9.8
HP language-system

The Guardian language-system contains an error-based SQL injection vulnerability in translate_text.php, allowing authenticated users to extract databa...

2026-07-02
CVE-2026-34104
Analyzed
9.8
HP language-system

The Guardian language-system is vulnerable to error-based SQL injection via the 'name' GET parameter in designer.php, allowing authenticated attackers...

2026-07-02
CVE-2026-34103
Analyzed
9.8
HP language-system

Guardian language-system is vulnerable to error-based SQL injection in subtitles.php, stemming from the unsanitized 'id' GET parameter.

2026-07-02
CVE-2026-34102
Analyzed
9.8
HP language-system

Guardian language-system contains an error-based SQL injection vulnerability in job_info_get.php, where the 'id' parameter is processed without proper...

2026-07-02
CVE-2026-34101
Analyzed
9.8
HP language-system

Guardian language-system is vulnerable to error-based SQL injection via the 'id' GET parameter in text_file.php, allowing authenticated attackers to e...

2026-07-02
CVE-2026-34100
Analyzed
9.8
HP Language-system

The Guardian language-system contains an authenticated error-based SQL injection vulnerability in media.php, allowing an attacker to extract database...

2026-07-02
CVE-2026-3410
Analyzed
7.3
HP Society Management System

A weakness has been identified in itsourcecode Society Management System 1

2026-03-02
CVE-2026-34099
Analyzed
9.8
HP Language-system

The Guardian language-system is affected by an unauthenticated error-based SQL injection vulnerability in job_info.php, allowing unauthorized database...

2026-07-02
CVE-2026-3406
Analyzed
7.3
HP of the

A vulnerability was found in projectworlds Online Art Gallery Shop 1

2026-03-02
CVE-2026-34055
8.1
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-26
CVE-2026-33991
8.8
HP Multiple Products

WeGIA is a web manager for charitable institutions

2026-03-28
CVE-2026-33942
Analyzed
9.8
HP library that

Saloon versions prior to 4.0.0 are vulnerable to PHP Object Injection via insecure use of unserialize() in the AccessTokenAuthenticator class, potenti...

2026-03-27
CVE-2026-33918
7.6
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-26
CVE-2026-33719
8.6
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33717
8.8
HP file persistently

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33716
Analyzed
9.4
HP AVideo

WWBN AVideo contains an authentication bypass in the Live plugin's standalone control endpoint. Attackers can redirect token verification to a malicio...

2026-03-24
CVE-2026-33702
7.1
HP accepts

Chamilo LMS is a learning management system

2026-04-12
CVE-2026-33687
8.8
HP files unless

Sharp is a content management framework built for Laravel as a package

2026-03-27
CVE-2026-33686
8.8
HP Multiple Products

Sharp is a content management framework built for Laravel as a package

2026-03-27
CVE-2026-33661
8.6
HP Multiple Products

Pay is an open-source payment SDK extension package for various Chinese payment services

2026-03-27
CVE-2026-33651
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33650
7.6
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33649
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33647
8.8
HP code

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33618
8.8
HP code into

Chamilo LMS is a learning management system

2026-04-11
CVE-2026-3352
7.2
HP is vulnerable

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1

2026-03-08
CVE-2026-33513
8.6
HP files under

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33512
7.5
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33507
8.8
HP code

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33502
Analyzed
9.3
HP AVideo

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in WWBN AVideo's Live plugin allows attackers to probe internal networks and cloud...

2026-03-24
CVE-2026-33492
7.3
HP session

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33488
7.4
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33483
7.5
HP script with

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33482
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33480
8.6
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33479
8.8
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33478
Analyzed
10
HP AVideo

WWBN AVideo contains a vulnerability chain allowing unauthenticated remote code execution via exposed clone secrets, database dumps, and OS command in...

2026-03-24
CVE-2026-33399
7.7
HP executes

Wallos is an open-source, self-hostable personal subscription tracker

2026-03-25
CVE-2026-33354
7.6
HP Multiple Products

WWBN AVideo is an open source video platform

2026-03-24
CVE-2026-33352
Analyzed
9.8
HP AVideo

WWBN AVideo is vulnerable to an unauthenticated SQL injection in the getAllCategories() method due to insufficient sanitization of the doNotShowCats p...

2026-03-24
CVE-2026-33351
Analyzed
9.1
HP AVideo (Live plugin)

WWBN AVideo is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) via the `webSiteRootURL` parameter. Attackers can use the server to fe...

2026-03-24
CVE-2026-33346
8.7
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-03-20
CVE-2026-33297
Analyzed
9.1
HP AVideo (CustomizeUser plugin)

A logic error in AVideo's CustomizeUser plugin causes non-numeric passwords to be stored as "0". This allows any visitor to bypass channel access cont...

2026-03-24
CVE-2026-33293
Analyzed
8.1
HP AVideo

WWBN AVideo is an open source video platform

2026-03-23
CVE-2026-33204
7.5
HP Multiple Products

SimpleJWT is a simple JSON web token library written in PHP

2026-03-22
CVE-2026-33136
Analyzed
9.3
HP endpoint

A Reflected XSS vulnerability in WeGIA's listar_memorandos_ativos.php endpoint allows attackers to inject malicious JavaScript via the sccd GET parame...

2026-03-21
CVE-2026-33135
Analyzed
9.3
HP endpoint

WeGIA versions 3.6.6 and below are vulnerable to Reflected Cross-Site Scripting (XSS) in the novo_memorandoo.php endpoint, allowing arbitrary JavaScri...

2026-03-21
CVE-2026-33134
Analyzed
9.3
HP endpoint

WeGIA versions 3.6.5 and below contain an authenticated SQL injection vulnerability in the restaurar_produto.php endpoint, potentially leading to full...

2026-03-21
CVE-2026-33043
8.1
HP exposes the

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-33039
8.6
HP endpoint validates

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-33038
8.1
HP endpoint

WWBN AVideo is an open source video platform

2026-03-20
CVE-2026-3300
Analyzed
9.8
HP is vulnerable

Everest Forms Pro is vulnerable to unauthenticated Remote Code Execution via PHP Code Injection in its Calculation Addon, allowing attackers to execut...

2026-03-31
CVE-2026-32985
Analyzed
9.8
HP Multiple Products

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. T...

2026-03-20
CVE-2026-3296
Analyzed
9.8
HP is vulnerable

The Everest Forms WordPress plugin is vulnerable to PHP Object Injection via unsafe deserialization of user-supplied form metadata.

2026-04-08
CVE-2026-32931
7.5
HP webshell by

Chamilo LMS is a learning management system

2026-04-12
CVE-2026-32892
Analyzed
9.1
HP passes user

Chamilo LMS contains an OS Command Injection vulnerability in its file move function, allowing authenticated users to execute arbitrary commands on th...

2026-04-11
CVE-2026-32888
8.8
HP functionality

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework

2026-03-20
CVE-2026-32817
Analyzed
9.1
HP only perform

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the curren...

2026-03-20
CVE-2026-32756
8.8
HP scripts

Admidio is an open-source user management solution

2026-03-20
CVE-2026-32754
Analyzed
9.3
HP Multiple Products

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scri...

2026-03-20
CVE-2026-3261
7.3
HP of the

A flaw has been found in itsourcecode School Management System 1

2026-02-27
CVE-2026-32539
Analyzed
9.3
HP PublishPress Revisions

PublishPress Revisions is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands. This affects versions...

2026-03-26
CVE-2026-32536
Analyzed
9.9
HP Green Downloads

Green Downloads allows unrestricted upload of files with dangerous types, enabling the use of malicious files. This affects versions up to 2.08.

2026-03-26
CVE-2026-32531
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP...

2026-03-26
CVE-2026-32525
Analyzed
9.9
HP JetFormBuilder

JetFormBuilder is vulnerable to Code Injection due to improper control of code generation. This affects versions up to and including 3.5.6.1.

2026-03-26
CVE-2026-32426
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core med...

2026-03-14
CVE-2026-32400
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldma...

2026-03-14
CVE-2026-32321
8.8
HP Multiple Products

ClipBucket v5 is an open source video sharing platform

2026-03-19
CVE-2026-32313
8.2
HP for working

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures

2026-03-17
CVE-2026-31940
7.5
HP session ID

Chamilo LMS is a learning management system

2026-04-12
CVE-2026-31939
8.3
HP leading to

Chamilo LMS is a learning management system

2026-04-11
CVE-2026-31896
Analyzed
9.8
HP script uses

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. Th...

2026-03-12
CVE-2026-31895
8.8
HP Multiple Products

WeGIA is a web manager for charitable institutions

2026-03-12
CVE-2026-31891
7.7
HP Multiple Products

Cockpit is a headless content management system

2026-03-18
CVE-2026-31845
Analyzed
9.3
HP CRM

A reflected XSS vulnerability in the Rukovoditel CRM Zadarma telephony API allows unauthenticated attackers to execute malicious scripts.

2026-04-12
CVE-2026-31843
Analyzed
9.8
HP payment hook

The pay-uz Laravel package contains an unauthenticated remote code execution vulnerability via the /payment/api/editable/update endpoint.

2026-04-17
CVE-2026-3164
7.3
HP Multiple Products

A vulnerability was found in itsourcecode News Portal Project 1

2026-02-25
CVE-2026-3153
7.3
HP Multiple Products

A vulnerability has been found in itsourcecode Document Management System 1

2026-02-25
CVE-2026-3152
7.3
HP Multiple Products

A flaw has been found in itsourcecode College Management System 1

2026-02-25
CVE-2026-3151
7.3
HP Multiple Products

A vulnerability was detected in itsourcecode College Management System 1

2026-02-25
CVE-2026-3148
7.3
HP Multiple Products

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1

2026-02-25
CVE-2026-3135
7.3
HP Multiple Products

A weakness has been identified in itsourcecode News Portal Project 1

2026-02-25
CVE-2026-3134
7.3
HP Multiple Products

A security flaw has been discovered in itsourcecode News Portal Project 1

2026-02-25
CVE-2026-3133
7.3
HP of the

A vulnerability has been found in itsourcecode Document Management System 1

2026-02-25
CVE-2026-31019
8.8
HP functions related

In the Website module of Dolibarr ERP & CRM 22

2026-04-22
CVE-2026-31018
8.8
HP code detection

In Dolibarr ERP & CRM <= 22

2026-04-22
CVE-2026-30996
7.5
HP of SAC

An issue in the file handling logic of the component download

2026-04-17
CVE-2026-30995
8.6
HP endpoint

Slah CMS v1

2026-04-16
CVE-2026-30994
7.5
HP component of

Incorrect access control in the config

2026-04-17
CVE-2026-30940
7.2
HP file in

baserCMS is a website development framework

2026-03-31
CVE-2026-30875
8.8
HP files with

Chamilo LMS is a learning management system

2026-03-17
CVE-2026-3069
7.3
HP Multiple Products

A security vulnerability has been detected in itsourcecode Document Management System 1

2026-02-24
CVE-2026-3068
7.3
HP Multiple Products

A weakness has been identified in itsourcecode Document Management System 1

2026-02-24
CVE-2026-30643
Analyzed
9.8
HP DedeCMS

A Remote Code Execution (RCE) vulnerability exists in DedeCMS 5.7.118. Attackers can execute arbitrary code by utilizing crafted setup tag values duri...

2026-04-02
CVE-2026-30637
7.5
HP in OTCMS

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read

2026-03-29
CVE-2026-30576
7.5
HP file

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1

2026-03-29
CVE-2026-30575
7.5
HP file

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1

2026-03-29
CVE-2026-30574
7.5
HP file

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1

2026-03-29
CVE-2026-30573
7.5
HP file

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1

2026-04-02
CVE-2026-30562
Analyzed
9.3
HP file via

SourceCodester Sales and Inventory System 1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) via the 'msg' parameter in add_stock.php due to in...

2026-03-31
CVE-2026-30534
8.3
HP via the

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1

2026-03-28
CVE-2026-30533
Analyzed
9.8
HP file via

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 within the admin/manage_product.php file via the "id" paramete...

2026-03-28
CVE-2026-30532
Analyzed
9.8
HP file via

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 within the admin/view_product.php file via the "id" parameter.

2026-03-28
CVE-2026-30531
8.8
HP file

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1

2026-03-28
CVE-2026-30530
Analyzed
9.8
HP file

SourceCodester Online Food Ordering System v1.0 contains a critical SQL injection vulnerability in the `save_customer` action within `Actions.php`.

2026-03-28
CVE-2026-30529
8.8
HP file

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1

2026-03-28
CVE-2026-30463
7.7
HP component

Daylight Studio FuelCMS v1

2026-03-28
CVE-2026-30461
8.3
HP and the

Daylight Studio FuelCMS v1

2026-04-17
CVE-2026-3046
7.3
HP Multiple Products

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1

2026-02-24
CVE-2026-3042
7.3
HP Multiple Products

A vulnerability was detected in itsourcecode Event Management System 1

2026-02-24
CVE-2026-3017
7.2
HP is vulnerable

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all ver...

2026-04-14
CVE-2026-29963
Analyzed
7.5
HP endpoint

HSC MailInspector 5

2026-05-20
CVE-2026-29962
Analyzed
7.5
HP processes user

HSC MailInspector v5

2026-05-20
CVE-2026-29925
7.7
HP Multiple Products

Invoice Ninja v5

2026-03-31
CVE-2026-29839
8.8
HP Multiple Products

DedeCMS v5

2026-03-25
CVE-2026-2983
7.3
HP of the

A vulnerability was determined in SourceCodester Student Result Management System 1

2026-02-24
CVE-2026-29789
Analyzed
9.9
HP applications into

Vito versions prior to 3.20.3 contain a missing authorization check in workflow site-creation actions, allowing authenticated attackers to manage site...

2026-03-07
CVE-2026-2952
7.3
HP of the

A flaw has been found in Vaelsys 4

2026-02-23
CVE-2026-2944
7.3
HP of the

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1

2026-02-23
CVE-2026-2938
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in SourceCodester Student Result Management System 1

2026-02-22
CVE-2026-29204
Analyzed
9.1
HP Multiple Products

Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without an...

2026-05-13
CVE-2026-29199
8.1
HP Multiple Products

phpBB before 3

2026-05-05
CVE-2026-2912
Analyzed
7.3
HP Multiple Products

A vulnerability was found in code-projects Online Reviewer System 1

2026-02-22
CVE-2026-29103
Analyzed
9.1
HP regarding PHP

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulne...

2026-03-20
CVE-2026-29099
8.8
HP Multiple Products

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application

2026-03-20
CVE-2026-29093
8.1
HP to store

WWBN AVideo is an open source video platform

2026-03-07
CVE-2026-29014
Analyzed
9.8
HP code injection

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary c...

2026-04-02
CVE-2026-2896
7.3
HP of the

A weakness has been identified in funadmin up to 7

2026-02-22
CVE-2026-28815
Analyzed
7.5
HP X-Wing HPKE Implementation

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a...

2026-04-04
CVE-2026-2867
Analyzed
7.3
HP Multiple Products

A vulnerability was determined in itsourcecode Vehicle Management System 1

2026-02-22
CVE-2026-2865
7.3
HP of the

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1

2026-02-21
CVE-2026-28501
Analyzed
9.8
HP and objects

WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the object...

2026-03-06
CVE-2026-28495
Analyzed
9.6
HP configuration file

GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administra...

2026-03-11
CVE-2026-2848
7.3
HP Multiple Products

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1

2026-02-21
CVE-2026-28429
7.5
HP component can

Talishar is a fan-made Flesh and Blood project

2026-03-07
CVE-2026-28411
Analyzed
9.8
HP scripts

Unsafe use of the PHP extract() function in WeGIA allows unauthenticated attackers to overwrite local variables and bypass administrative authenticati...

2026-02-28
CVE-2026-28408
Analyzed
9.8
HP does not

A missing authentication and permission check in WeGIA allows unauthenticated attackers to inject massive amounts of unauthorized data into the applic...

2026-02-28
CVE-2026-28289
Analyzed
10
HP FreeScout

A TOCTOU flaw in FreeScout's file upload sanitization allows authenticated users to achieve RCE by uploading malicious .htaccess files using zero-widt...

2026-03-04
CVE-2026-28129
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies li...

2026-03-06
CVE-2026-28128
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows P...

2026-03-06
CVE-2026-28125
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows...

2026-03-06
CVE-2026-28124
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notariu...

2026-03-06
CVE-2026-28123
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows...

2026-03-06
CVE-2026-28121
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson anderso...

2026-03-06
CVE-2026-28120
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr

2026-03-06
CVE-2026-28119
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nirvana a...

2026-03-06
CVE-2026-28118
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone...

2026-03-06
CVE-2026-28117
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSE...

2026-03-06
CVE-2026-28107
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Muzicon muzicon allo...

2026-03-06
CVE-2026-28098
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Save Life save-life...

2026-03-06
CVE-2026-28097
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Artrium artrium allo...

2026-03-06
CVE-2026-28096
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX WealthCo wealthco al...

2026-03-06
CVE-2026-28095
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Marcell marcell allo...

2026-03-06
CVE-2026-28094
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX RexCoin rexcoin allo...

2026-03-06
CVE-2026-28093
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Ozisti ozisti allows...

2026-03-06
CVE-2026-28092
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Sounder sounder allo...

2026-03-06
CVE-2026-28091
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coleo coleo allows P...

2026-03-06
CVE-2026-28090
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gamezone gamezone al...

2026-03-06
CVE-2026-28089
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Daiquiri daiquiri al...

2026-03-06
CVE-2026-28088
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aqualots aqualots al...

2026-03-06
CVE-2026-28087
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Filmax filmax allows...

2026-03-06
CVE-2026-28086
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran al...

2026-03-06
CVE-2026-28085
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mahogany mahogany al...

2026-03-06
CVE-2026-28084
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bazinga bazinga allo...

2026-03-06
CVE-2026-28081
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allo...

2026-03-06
CVE-2026-28079
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Conquerors conque...

2026-03-06
CVE-2026-28077
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vapester vapester al...

2026-03-06
CVE-2026-28069
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Le Truffe letruffe a...

2026-03-06
CVE-2026-28068
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Rhythmo rhythmo allo...

2026-03-06
CVE-2026-28067
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bassein bassein allo...

2026-03-06
CVE-2026-28066
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legrand legrand allo...

2026-03-06
CVE-2026-28065
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Eject eject allows P...

2026-03-06
CVE-2026-28064
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Edge Decor edge-deco...

2026-03-06
CVE-2026-28063
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Asia Garden asia-gar...

2026-03-06
CVE-2026-28062
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Happy Baby happy-bab...

2026-03-06
CVE-2026-28061
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tiger Claw tiger-cla...

2026-03-06
CVE-2026-28060
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX S

2026-03-06
CVE-2026-28059
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic d...

2026-03-06
CVE-2026-28058
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dixon dixon allows P...

2026-03-06
CVE-2026-28057
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allo...

2026-03-06
CVE-2026-28056
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MCKinney's Politics...

2026-03-06
CVE-2026-28054
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-st...

2026-03-06
CVE-2026-28053
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Miller christine-mil...

2026-03-06
CVE-2026-28052
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Peter Mason petermas...

2026-03-06
CVE-2026-28051
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yacht Rental yacht-r...

2026-03-06
CVE-2026-28049
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Police Department po...

2026-03-06
CVE-2026-28047
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Victo victo allows...

2026-03-06
CVE-2026-28045
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX N7 | Golf Club Sport...

2026-03-06
CVE-2026-28012
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gridiron gridiron al...

2026-03-06
CVE-2026-28010
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia al...

2026-03-06
CVE-2026-28007
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coinpress coinpress...

2026-03-06
CVE-2026-27894
8.8
HP files and

LDAP Account Manager (LAM) is a webfrontend for managing entries (e

2026-03-18
CVE-2026-27836
Analyzed
7.5
HP Multiple Products

phpMyFAQ is an open source FAQ web application

2026-02-28
CVE-2026-27833
Analyzed
7.5
HP API method

Piwigo is an open source photo gallery application for the web

2026-04-04
CVE-2026-27760
8.1
HP code injection

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to e...

2026-04-29
CVE-2026-27732
8.1
HP Multiple Products

WWBN AVideo is an open source video platform

2026-02-26
CVE-2026-27637
Analyzed
9.8
HP FreeScout

A critical authentication bypass in FreeScout allows attackers to compute valid session tokens and take over any user account, including administrator...

2026-02-25
CVE-2026-27636
8.8
HP servers with

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework

2026-02-25
CVE-2026-27591
Analyzed
9.9
HP framework

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS all...

2026-03-12
CVE-2026-27540
Analyzed
9
HP Woocommerce Wholesale Lead Capture

The Woocommerce Wholesale Lead Capture plugin allows for the unrestricted upload of files with dangerous types, enabling attackers to upload and execu...

2026-03-19
CVE-2026-27470
8.8
HP file within

ZoneMinder is a free, open source closed-circuit television software application

2026-02-21
CVE-2026-27414
Analyzed
8.8
HP Werkstatt

Contributor PHP Object Injection in Werkstatt <= 4

2026-07-03
CVE-2026-27343
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact...

2026-02-21
CVE-2026-27206
8.1
HP variables in

Zumba Json Serializer is a library to serialize PHP variables in JSON format

2026-02-21
CVE-2026-27180
Analyzed
9.8
HP files

MajorDoMo is vulnerable to unauthenticated remote code execution via update URL poisoning, allowing an attacker to force the system to download and ex...

2026-02-19
CVE-2026-27178
7.2
HP rendering code

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox

2026-02-19
CVE-2026-27177
7.2
HP Multiple Products

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intention...

2026-02-19
CVE-2026-27175
Analyzed
9.8
HP script

MajorDoMo is vulnerable to unauthenticated remote code execution via a race condition and unsanitized user input in the rc/index.php and cycle_execs.p...

2026-02-19
CVE-2026-27174
Analyzed
9.8
HP console feature

MajorDoMo allows unauthenticated remote code execution via the admin panel's PHP console due to a logic error that bypasses authentication and passes...

2026-02-19
CVE-2026-27093
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ovatheme Tripgo allows PHP Lo...

2026-03-19
CVE-2026-27065
Analyzed
9.8
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows...

2026-03-20
CVE-2026-27060
Analyzed
8.8
HP ARMember Premium

Contributor PHP Object Injection in ARMember Premium <= 7

2026-07-03
CVE-2026-27053
Analyzed
9.8
HP Broadcast Live Video

An unauthenticated PHP object injection vulnerability in the Broadcast Live Video plugin for WordPress allows remote code execution.

2026-06-16
CVE-2026-27052
7.5
HP sctv

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Ti...

2026-02-20
CVE-2026-27044
Analyzed
9.9
HP Total Poll Lite

Total Poll Lite is vulnerable to Remote Code Inclusion (RCI) due to improper control of code generation. This affects versions up to and including 4.1...

2026-03-26
CVE-2026-27012
Analyzed
9.8
HP OpenSTAManager

An authentication bypass in OpenSTAManager allows attackers to arbitrarily modify user groups, leading to full administrative privilege escalation.

2026-03-04
CVE-2026-2701
Analyzed
9.1
HP Affected Software

An authenticated file upload vulnerability allows attackers to upload and execute malicious files, leading to remote code execution on the server.

2026-04-03
CVE-2026-26990
8.8
HP Multiple Products

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool

2026-02-20
CVE-2026-26988
Analyzed
9.1
HP LibreNMS

LibreNMS contains an SQL injection vulnerability in the ajax_table.php endpoint due to improper sanitization of IPv6 address parameters, allowing unau...

2026-02-21
CVE-2026-2691
7.3
HP Multiple Products

A vulnerability has been found in itsourcecode Event Management System 1

2026-02-20
CVE-2026-2690
7.3
HP Multiple Products

A flaw has been found in itsourcecode Event Management System 1

2026-02-20
CVE-2026-2689
7.3
HP Multiple Products

A vulnerability was detected in itsourcecode Event Management System 1

2026-02-20
CVE-2026-26713
Analyzed
9.8
HP Simple Food Order System

The Simple Food Order System v1.0 contains a critical SQL Injection vulnerability in the cancel-order.php script, posing a risk of unauthorized databa...

2026-03-03
CVE-2026-26712
Analyzed
9.8
HP Simple Food Order System

The Simple Food Order System v1.0 is vulnerable to SQL Injection in the view-ticket-admin.php file, allowing attackers to compromise the administrativ...

2026-03-03
CVE-2026-26711
Analyzed
9.8
HP Simple Food Order System

Simple Food Order System v1.0 is vulnerable to SQL Injection in the view-ticket.php file, allowing unauthenticated attackers to extract sensitive info...

2026-03-03
CVE-2026-26710
Analyzed
9.8
HP Simple Food Order System

The Simple Food Order System v1.0 is vulnerable to a critical SQL Injection in the edit-orders.php router, allowing for full database compromise.

2026-03-03
CVE-2026-26699
8.8
HP Multiple Products

sourcecodester Personnel Property Equipment System v1

2026-03-03
CVE-2026-26477
Analyzed
7.5
HP file

An issue in Dokuwiki v

2026-04-04
CVE-2026-2599
Analyzed
9.8
HP is vulnerable

The Database for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection via the 'download_csv' function. This could lead to code ex...

2026-03-06
CVE-2026-25892
7.5
HP converts to

Adminer is open-source database management software

2026-02-10
CVE-2026-25548
Analyzed
9.1
HP code

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerabili...

2026-02-19
CVE-2026-25510
Analyzed
9.9
HP CMS Skeleton

An authenticated user with file editor permissions in CI4MS can achieve Remote Code Execution (RCE) by uploading and executing arbitrary PHP code via...

2026-02-04
CVE-2026-25476
7.5
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-26
CVE-2026-25449
Analyzed
9.8
HP Traveler

The Traveler theme/plugin by Shinetheme is vulnerable to PHP Object Injection via deserialization of untrusted data, potentially leading to remote cod...

2026-03-19
CVE-2026-25447
Analyzed
9.1
HP Widget Wrangler

Widget Wrangler is vulnerable to Code Injection due to improper control of code generation. This affects versions up to and including 2.3.9.

2026-03-26
CVE-2026-25366
Analyzed
9.9
HP allows Code

The Woody ad snippets plugin for WordPress is vulnerable to code injection. Attackers can exploit the insert-php component to execute arbitrary code o...

2026-03-26
CVE-2026-2533
Analyzed
7.3
HP Self-service Washing Machine 4

A flaw has been found in Tosei Self-service Washing Machine 4

2026-02-16
CVE-2026-25232
8.8
HP Multiple Products

Gogs is an open source self-hosted Git service

2026-02-20
CVE-2026-25164
8.1
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-26
CVE-2026-25147
Analyzed
7.1
HP Multiple Products

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-28
CVE-2026-25131
8.8
HP endpoint

OpenEMR is a free and open source electronic health records and medical practice management application

2026-02-25
CVE-2026-25027
Analyzed
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp all...

2026-02-05
CVE-2026-24897
Analyzed
10
HP Multiple Products

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files...

2026-01-29
CVE-2026-24892
7.5
HP deserialization pattern

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus

2026-02-21
CVE-2026-24891
7.5
HP Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus

2026-02-21
CVE-2026-24849
Analyzed
9.9
HP OpenEMR

An arbitrary file read vulnerability in OpenEMR allows any authenticated user to access sensitive files on the server filesystem via the EtherFax comp...

2026-02-25
CVE-2026-24765
Analyzed
7.8
HP Multiple Products

PHPUnit is a testing framework for PHP

2026-01-28
CVE-2026-2471
Analyzed
7.5
HP is vulnerable

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1

2026-02-28
CVE-2026-2469
7.6
HP due to

Versions of the package directorytree/imapengine before 1

2026-02-14
CVE-2026-24635
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edubl...

2026-01-24
CVE-2026-24609
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent...

2026-01-24
CVE-2026-24608
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core la...

2026-01-24
CVE-2026-24444
Analyzed
9.8
HP Multiple Products

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interfac...

2026-05-29
CVE-2026-24425
Analyzed
8.8
HP callables to

Twig versions 2

2026-05-21
CVE-2026-23843
Analyzed
7.1
HP Multiple Products

teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients

2026-01-20
CVE-2026-23836
Analyzed
9.9
HP Multiple Products

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formu...

2026-01-20
CVE-2026-23818
8.8
HP Multiple Products

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker...

2026-04-08
CVE-2026-23813
Analyzed
9.8
HP AOS-CX switches

An unauthenticated remote attacker can bypass authentication controls on AOS-CX switches, potentially allowing them to reset the administrative passwo...

2026-03-11
CVE-2026-23722
Analyzed
9.1
HP Multiple Products

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA s...

2026-01-17
CVE-2026-23599
7.8
HP Multiple Products

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux

2026-02-18
CVE-2026-23593
Analyzed
7.5
HP Multiple Products

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view s...

2026-01-28
CVE-2026-23592
Analyzed
7.2
HP Multiple Products

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code e...

2026-01-28
CVE-2026-23524
Analyzed
9.8
HP Multiple Products

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the...

2026-01-22
CVE-2026-23489
Analyzed
9.1
HP code from

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP c...

2026-03-17
CVE-2026-22753
7.5
HP Multiple Products

Vulnerability in Spring Spring Security

2026-04-23
CVE-2026-22704
Analyzed
8
HP Multiple Products

HAX CMS helps manage microsite universe with PHP or NodeJs backends

2026-01-10
CVE-2026-22521
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework al...

2026-01-09
CVE-2026-22511
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat...

2026-03-27
CVE-2026-22509
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia all...

2026-03-27
CVE-2026-22508
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalu...

2026-03-27
CVE-2026-22506
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli all...

2026-03-27
CVE-2026-22504
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua...

2026-03-27
CVE-2026-22503
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows...

2026-03-27
CVE-2026-22502
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr

2026-03-27
CVE-2026-22499
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella all...

2026-03-27
CVE-2026-22498
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent...

2026-03-27
CVE-2026-22496
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hyp...

2026-03-27
CVE-2026-22495
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville green...

2026-03-27
CVE-2026-22494
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-home...

2026-03-27
CVE-2026-22493
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard...

2026-03-27
CVE-2026-22380
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimh...

2026-02-21
CVE-2026-22378
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber...

2026-02-21
CVE-2026-22376
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivi...

2026-02-21
CVE-2026-22374
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioa...

2026-02-21
CVE-2026-22372
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allo...

2026-02-21
CVE-2026-22370
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marvela...

2026-02-21
CVE-2026-22368
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows...

2026-02-21
CVE-2026-22366
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows...

2026-02-21
CVE-2026-22364
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees sevent...

2026-02-21
CVE-2026-22362
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia...

2026-02-21
CVE-2026-22324
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP L...

2026-03-21
CVE-2026-2225
7.3
HP of the

A flaw has been found in itsourcecode News Portal Project 1

2026-02-09
CVE-2026-22248
8
HP instantiation

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing

2026-03-12
CVE-2026-2223
7.3
HP Multiple Products

A security vulnerability has been detected in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2221
7.3
HP of the

A security flaw has been discovered in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-22206
8.8
HP tag processing

SPIP versions prior to 4

2026-02-28
CVE-2026-22205
7.5
HP type juggling

SPIP versions prior to 4

2026-02-28
CVE-2026-2220
7.3
HP Multiple Products

A vulnerability was identified in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-22182
7.5
HP endpoint with

wpDiscuz before 7

2026-03-14
CVE-2026-2217
7.3
HP Multiple Products

A vulnerability was found in itsourcecode Event Management System 1

2026-02-09
CVE-2026-2212
7.3
HP Multiple Products

A vulnerability was identified in code-projects Online Music Site 1

2026-02-09
CVE-2026-2211
7.3
HP Multiple Products

A vulnerability was determined in code-projects Online Music Site 1

2026-02-09
CVE-2026-2199
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2198
7.3
HP Multiple Products

A vulnerability was identified in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2197
7.3
HP Multiple Products

A vulnerability was determined in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2196
7.3
HP Multiple Products

A vulnerability was found in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2195
7.3
HP Multiple Products

A vulnerability has been found in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2190
7.3
HP Multiple Products

A security flaw has been discovered in itsourcecode School Management System 1

2026-02-09
CVE-2026-2189
7.3
HP Multiple Products

A vulnerability was identified in itsourcecode School Management System 1

2026-02-09
CVE-2026-21875
Analyzed
9.8
HP Multiple Products

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add...

2026-01-08
CVE-2026-21861
Analyzed
9.1
HP baserCMS

baserCMS contains an OS command injection vulnerability in its core update functionality, allowing authenticated administrators to execute arbitrary c...

2026-03-31
CVE-2026-2184
7.3
HP Multiple Products

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73

2026-02-09
CVE-2026-2173
7.3
HP Multiple Products

A vulnerability was identified in code-projects Online Examination System 1

2026-02-09
CVE-2026-2172
7.3
HP of the

A vulnerability was determined in code-projects Online Application System for Admission 1

2026-02-09
CVE-2026-2171
7.3
HP of the

A vulnerability was found in code-projects Online Student Management System 1

2026-02-09
CVE-2026-2166
7.3
HP of the

A security vulnerability has been detected in code-projects Online Reviewer System 1

2026-02-09
CVE-2026-2165
7.3
HP of the

A weakness has been identified in detronetdip E-commerce 1

2026-02-09
CVE-2026-2164
7.3
HP Multiple Products

A security flaw has been discovered in detronetdip E-commerce 1

2026-02-09
CVE-2026-2161
7.3
HP Multiple Products

A vulnerability was found in itsourcecode Directory Management System 1

2026-02-09
CVE-2026-2158
7.3
HP Multiple Products

A vulnerability was detected in code-projects Student Web Portal 1

2026-02-09
CVE-2026-2152
7.2
HP of the

A vulnerability was found in D-Link DIR-615 4

2026-02-09
CVE-2026-2151
7.2
HP of the

A vulnerability has been found in D-Link DIR-615 4

2026-02-09
CVE-2026-2136
7.3
HP Multiple Products

A flaw has been found in projectworlds Online Food Ordering System 1

2026-02-08
CVE-2026-2133
7.3
HP Multiple Products

A weakness has been identified in code-projects Online Music Site 1

2026-02-08
CVE-2026-2132
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Online Music Site 1

2026-02-08
CVE-2026-2117
7.3
HP Multiple Products

A vulnerability was found in itsourcecode Society Management System 1

2026-02-08
CVE-2026-2116
7.3
HP Multiple Products

A vulnerability has been found in itsourcecode Society Management System 1

2026-02-08
CVE-2026-2115
7.3
HP Multiple Products

A flaw has been found in itsourcecode Society Management System 1

2026-02-08
CVE-2026-2114
Analyzed
7.3
HP Multiple Products

A vulnerability was detected in itsourcecode Society Management System 1

2026-02-08
CVE-2026-2113
7.3
HP of the

A security vulnerability has been detected in yuan1994 tpadmin up to 1

2026-02-08
CVE-2026-2089
Analyzed
7.3
HP Multiple Products

A vulnerability was found in SourceCodester Online Class Record System 1

2026-02-08
CVE-2026-2088
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1

2026-02-08
CVE-2026-2087
Analyzed
7.3
HP Multiple Products

A flaw has been found in SourceCodester Online Class Record System 1

2026-02-08
CVE-2026-2083
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in code-projects Social Networking Site 1

2026-02-08
CVE-2026-2073
7.3
HP Multiple Products

A vulnerability was determined in itsourcecode School Management System 1

2026-02-07
CVE-2026-2060
7.3
HP Multiple Products

A vulnerability was found in code-projects Simple Blood Donor Management System 1

2026-02-07
CVE-2026-2059
7.3
HP Multiple Products

A vulnerability has been found in SourceCodester Medical Center Portal Management System 1

2026-02-07
CVE-2026-2058
7.3
HP of the

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be

2026-02-07
CVE-2026-2057
7.3
HP Multiple Products

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1

2026-02-07
CVE-2026-2020
7.5
HP is vulnerable

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6

2026-03-08
CVE-2026-2018
7.3
HP Multiple Products

A flaw has been found in itsourcecode School Management System 1

2026-02-07
CVE-2026-2014
7.3
HP Multiple Products

A security flaw has been discovered in itsourcecode Student Management System 1

2026-02-07
CVE-2026-2013
7.3
HP Multiple Products

A vulnerability was identified in itsourcecode Student Management System 1

2026-02-07
CVE-2026-2012
7.3
HP Multiple Products

A vulnerability was determined in itsourcecode Student Management System 1

2026-02-06
CVE-2026-2011
7.3
HP Multiple Products

A vulnerability was found in itsourcecode Student Management System 1

2026-02-06
CVE-2026-14778
Analyzed
7.3
HP Onlne Examination & Learning Management System

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1

2026-07-06
CVE-2026-14772
Analyzed
7.3
HP Class and Exam Timetabling System

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1

2026-07-06
CVE-2026-14771
Analyzed
7.3
HP Class and Exam Timetabling System

A flaw has been found in SourceCodester Class and Exam Timetabling System 1

2026-07-06
CVE-2026-14770
Analyzed
7.3
HP Class and Exam Timetabling System

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1

2026-07-06
CVE-2026-14769
Analyzed
7.3
HP Real State Services

A security vulnerability has been detected in code-projects Real State Services 1

2026-07-06
CVE-2026-14768
Analyzed
7.3
HP Real State Services

A weakness has been identified in code-projects Real State Services 1

2026-07-06
CVE-2026-14764
Analyzed
7.3
HP Hotel and Tourism Reservation

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1

2026-07-07
CVE-2026-14763
Analyzed
7.3
HP Hotel and Tourism Reservation

A flaw has been found in code-projects Hotel and Tourism Reservation 1

2026-07-06
CVE-2026-14762
Analyzed
7.3
HP Hotel and Tourism Reservation

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1

2026-07-06
CVE-2026-14756
Analyzed
7.3
HP Hotel and Tourism Reservation

A vulnerability was found in code-projects Hotel and Tourism Reservation 1

2026-07-06
CVE-2026-14755
Analyzed
7.3
HP Hotel and Tourism Reservation

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1

2026-07-06
CVE-2026-14700
Analyzed
7.3
HP Internship Management System

A security vulnerability has been detected in code-projects Internship Management System 1

2026-07-05
CVE-2026-14653
Analyzed
7.3
HP Simple and Nice Shopping Cart Script

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1

2026-07-05
CVE-2026-14649
Analyzed
7.3
HP Online Voting System

A vulnerability was detected in code-projects Online Voting System 1

2026-07-05
CVE-2026-14648
Analyzed
7.3
HP Online Voting System

A security vulnerability has been detected in code-projects Online Voting System up to 0

2026-07-05
CVE-2026-14642
Analyzed
7.3
HP Class and Exam Timetabling System

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1

2026-07-05
CVE-2026-14641
Analyzed
7.3
HP Class and Exam Timetabling System

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1

2026-07-05
CVE-2026-14640
Analyzed
7.3
HP Apartment Visitor Management System

A vulnerability was found in CodeAstro Apartment Visitor Management System 1

2026-07-05
CVE-2026-14622
Analyzed
7.3
HP restaurant-website-php-mysql

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35

2026-07-05
CVE-2026-14544
Analyzed
9.8
HP Red Hat Enterprise Linux 10

An integer overflow in the HPLIP hpcups processing path allows a remote attacker to escalate privileges or execute arbitrary code via specially crafte...

2026-07-03
CVE-2026-1426
8.8
HP is vulnerable

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3

2026-02-19
CVE-2026-13753
Analyzed
7.5
HP HP 2800 Printer Series

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR

2026-07-07
CVE-2026-13708
Analyzed
7.5
HP Imager::File::JPEG

Imager::File::JPEG versions before 1

2026-07-07
CVE-2026-1358
Analyzed
9.8
HP Airleader Master

Airleader Master versions 6.381 and prior allow unauthenticated users to perform unrestricted file uploads to high-privilege webpages, potentially lea...

2026-02-13
CVE-2026-13498
Analyzed
7.3
HP restaurent-management-system

A vulnerability was identified in yashpokharna2555 restaurent-management-system

2026-06-29
CVE-2026-1331
Analyzed
9.8
HP Multiple Products

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execut...

2026-01-22
CVE-2026-12256
Analyzed
8.8
HP Avada

Contributor PHP Object Injection in Avada <= 3

2026-06-18
CVE-2026-12242
Analyzed
8.8
HP AdRotate Banner Manager

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5

2026-06-25
CVE-2026-1222
Analyzed
7.2
HP Multiple Products

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to uplo...

2026-01-20
CVE-2026-12204
Analyzed
7.3
HP ShopXO

A vulnerability was determined in ShopXO up to 6

2026-06-15
CVE-2026-12183
Analyzed
9.8
HP BUK TS-G Gas Station Automation System

The BUK TS-G automation system contains an authentication bypass vulnerability that allows remote, unauthenticated attackers to execute arbitrary admi...

2026-06-14
CVE-2026-12043
Analyzed
8.8
HP aws-c-http

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a serve...

2026-06-13
CVE-2026-1160
Analyzed
7.3
HP Multiple Products

A security vulnerability has been detected in PHPGurukul Directory Management System 1

2026-01-20
CVE-2026-11490
Analyzed
7.3
HP Online Music Site

A vulnerability was determined in code-projects Online Music Site 1

2026-06-08
CVE-2026-11486
Analyzed
7.3
HP Class and Exam Timetabling System

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1

2026-06-08
CVE-2026-11474
Analyzed
7.3
HP student-management-system

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a

2026-06-08
CVE-2026-11471
Analyzed
7.3
HP Class and Exam Timetabling System

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1

2026-06-08
CVE-2026-11462
Analyzed
7.3
HP BeikeShop

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1

2026-06-08
CVE-2026-11456
Analyzed
7.3
HP CRM

A vulnerability was identified in Chanjet CRM 1

2026-06-08
CVE-2026-1056
Analyzed
9.8
HP Multiple Products

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dir...

2026-01-29
CVE-2026-1021
Analyzed
9.8
HP Multiple Products

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload an...

2026-01-16
CVE-2026-0910
8.8
HP is vulnerable

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2

2026-02-12
CVE-2026-0859
Analyzed
7.8
HP Multiple Products

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized dur...

2026-01-15
CVE-2026-0761
Analyzed
9.8
HP Multiple Products

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers t...

2026-01-23
CVE-2026-0726
Analyzed
8.1
HP Multiple Products

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4

2026-01-21
CVE-2025-9933
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1

2025-09-04
CVE-2025-9932
Analyzed
7.3
HP Multiple Products

A flaw has been found in PHPGurukul Beauty Parlour Management System 1

2025-09-04
CVE-2025-9846
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Inj...

2025-09-23
CVE-2025-9831
Analyzed
7.3
HP Multiple Products

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1

2025-09-02
CVE-2025-9830
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1

2025-09-02
CVE-2025-9829
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1

2025-09-02
CVE-2025-9814
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1

2025-09-02
CVE-2025-9501
Analyzed
9
HP Multiple Products

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated u...

2025-11-18
CVE-2025-9307
Analyzed
7.3
HP Multiple Products

A flaw has been found in PHPGurukul Online Course Registration 3

2025-08-21
CVE-2025-9302
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in PHPGurukul User Management System 1

2025-08-21
CVE-2025-9275
Analyzed
7.8
HP Multiple Products

Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2025-09-02
CVE-2025-9274
Analyzed
7.8
HP Multiple Products

Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

2025-09-02
CVE-2025-9150
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317

2025-08-19
CVE-2025-8955
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Hospital Management System 4

2025-08-15
CVE-2025-8954
7.3
HP Multiple Products

A vulnerability was identified in PHPGurukul Hospital Management System 4

2025-08-15
CVE-2025-8951
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Teachers Record Management System 2

2025-08-15
CVE-2025-8450
Analyzed
8.2
HP Multiple Products

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order...

2025-08-19
CVE-2025-8431
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Boat Booking System 1

2025-08-01
CVE-2025-8417
Analyzed
8.1
HP Multiple Products

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5

2025-09-12
CVE-2025-8356
Analyzed
9.8
HP Multiple Products

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead...

2025-08-08
CVE-2025-8323
Analyzed
8.8
HP Multiple Products

The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoor...

2025-07-30
CVE-2025-8289
Analyzed
7.5
HP Multiple Products

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3

2025-08-20
CVE-2025-8179
Analyzed
7.3
HP Multiple Products

A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2

2025-07-28
CVE-2025-8145
Analyzed
8.8
HP Multiple Products

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3

2025-08-20
CVE-2025-7757
Analyzed
7.3
HP Multiple Products

A vulnerability classified as critical was found in PHPGurukul Land Record System 1

2025-07-17
CVE-2025-7604
Analyzed
7.3
HP Multiple Products

A vulnerability was found in PHPGurukul Hospital Management System 4

2025-07-14
CVE-2025-7542
Analyzed
7.3
HP Multiple Products

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3

2025-07-14
CVE-2025-7534
Analyzed
7.3
HP Multiple Products

A vulnerability was found in PHPGurukul Student Result Management System 2

2025-07-14
CVE-2025-7521
Analyzed
7.3
HP Multiple Products

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1

2025-07-14
CVE-2025-7514
Analyzed
7.3
HP Multiple Products

A vulnerability was found in code-projects Modern Bag 1

2025-07-14
CVE-2025-7384
Analyzed
9.8
HP Multiple Products

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includ...

2025-08-13
CVE-2025-71284
Analyzed
9.8
HP where the

Synway SMG Gateway Management Software is vulnerable to unauthenticated OS command injection in the RADIUS configuration endpoint, leading to remote c...

2026-05-01
CVE-2025-71243
Analyzed
9.8
HP Saisies pour formulaire (Saisies) plugin

The 'Saisies' plugin for SPIP contains a critical Remote Code Execution (RCE) vulnerability that allows attackers to run arbitrary code on the host se...

2026-02-20
CVE-2025-70893
Analyzed
8.8
HP Multiple Products

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1

2026-01-16
CVE-2025-70892
Analyzed
9.8
HP Multiple Products

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly v...

2026-01-16
CVE-2025-70152
Analyzed
9.8
HP and

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.ph...

2026-02-19
CVE-2025-70151
8.8
HP and upload

code-projects Scholars Tracking System 1

2026-02-19
CVE-2025-70150
Analyzed
9.8
HP that allows

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers...

2026-02-19
CVE-2025-70149
Analyzed
9.8
HP via the

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.

2026-02-19
CVE-2025-70148
7.5
HP in CodeAstro

Missing authentication and authorization in print_membership_card

2026-02-19
CVE-2025-70147
7.5
HP and

Missing authentication in /admin/student

2026-02-19
CVE-2025-70141
Analyzed
9.4
HP based on

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php, allowing unauthenticated attackers to invok...

2026-02-19
CVE-2025-70064
8.8
HP Multiple Products

PHPGurukul Hospital Management System v4

2026-02-19
CVE-2025-69768
7.5
HP component

SQL Injection vulnerability in Chyrp v

2026-03-17
CVE-2025-69691
Analyzed
9.9
HP code

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only a...

2026-05-09
CVE-2025-69690
Analyzed
9.1
HP object containing

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboo...

2026-05-09
CVE-2025-69634
Analyzed
9
HP Dolibarr ERP & CRM

A Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr ERP & CRM v.22.0.9 allows remote attackers to escalate privileges by manipulating the no...

2026-02-13
CVE-2025-69342
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Calafate calafate a...

2026-01-07
CVE-2025-69200
Analyzed
7.5
HP Multiple Products

phpMyFAQ is an open source FAQ web application

2025-12-30
CVE-2025-69130
Analyzed
8.8
HP Entrepreneur Booking Theme

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3

2026-06-18
CVE-2025-69087
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent allows PH...

2026-01-06
CVE-2025-69086
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PH...

2026-01-07
CVE-2025-69083
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows P...

2026-01-07
CVE-2025-69081
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-i...

2026-01-08
CVE-2025-69080
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Lo...

2026-01-08
CVE-2025-69039
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allo...

2026-01-24
CVE-2025-68996
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Pos...

2025-12-31
CVE-2025-68987
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama - A Word...

2025-12-31
CVE-2025-68985
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP...

2025-12-31
CVE-2025-68984
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP...

2025-12-31
CVE-2025-68983
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart a...

2025-12-31
CVE-2025-68974
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social L...

2025-12-31
CVE-2025-68897
Analyzed
9.9
HP Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects...

2025-12-30
CVE-2025-6888
7.3
HP Multiple Products

A vulnerability was found in PHPGurukul Teachers Record Management System 2

2025-07-06
CVE-2025-68877
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integ...

2025-12-30
CVE-2025-68870
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allo...

2025-12-30
CVE-2025-6885
7.3
HP Multiple Products

A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2

2025-07-06
CVE-2025-68668
Analyzed
9.9
HP Multiple Products

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node...

2025-12-27
CVE-2025-6863
7.3
HP Multiple Products

A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2

2025-07-06
CVE-2025-68563
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unloc...

2025-12-25
CVE-2025-68562
Analyzed
9.9
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG:...

2025-12-30
CVE-2025-68560
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elem...

2025-12-24
CVE-2025-68546
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local...

2025-12-24
CVE-2025-68544
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Diza allows PHP Local...

2025-12-24
CVE-2025-68540
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP...

2025-12-25
CVE-2025-68537
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP...

2025-12-25
CVE-2025-68530
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Bookory bookory al...

2025-12-25
CVE-2025-68506
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache do...

2025-12-25
CVE-2025-68434
Analyzed
8.8
HP Multiple Products

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework

2025-12-18
CVE-2025-68147
Analyzed
8.1
HP Multiple Products

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework

2025-12-18
CVE-2025-68109
Analyzed
9.1
HP Multiple Products

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or...

2025-12-18
CVE-2025-68068
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stock...

2025-12-17
CVE-2025-68067
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core...

2025-12-17
CVE-2025-68066
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad a...

2025-12-17
CVE-2025-68065
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-cor...

2025-12-17
CVE-2025-68062
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog a...

2025-12-17
CVE-2025-68061
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall all...

2025-12-17
CVE-2025-68038
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Ic...

2025-12-25
CVE-2025-67937
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon a...

2026-01-09
CVE-2025-67936
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly all...

2026-01-09
CVE-2025-67935
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimi...

2026-01-09
CVE-2025-67934
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring well...

2026-01-09
CVE-2025-67925
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit al...

2026-01-09
CVE-2025-67920
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoo...

2026-01-09
CVE-2025-67510
Analyzed
9.4
HP Multiple Products

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided b...

2025-12-11
CVE-2025-67509
Analyzed
8.2
HP Multiple Products

Neuron is a PHP framework for creating and orchestrating AI Agents

2025-12-11
CVE-2025-67504
Analyzed
9.1
HP Multiple Products

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand()...

2025-12-10
CVE-2025-6742
Analyzed
7.5
HP Multiple Products

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includi...

2025-07-11
CVE-2025-67289
Analyzed
9.6
HP Multiple Products

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading...

2025-12-23
CVE-2025-67164
Analyzed
9.9
HP Multiple Products

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary co...

2025-12-18
CVE-2025-6715
Analyzed
9.8
HP Multiple Products

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to...

2025-08-13
CVE-2025-67147
Analyzed
9.8
HP Multiple Products

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1)...

2026-01-13
CVE-2025-67146
Analyzed
9.4
HP Multiple Products

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) traine...

2026-01-13
CVE-2025-66802
Analyzed
9.8
HP Multiple Products

Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into i...

2026-01-13
CVE-2025-66299
Analyzed
8.8
HP Multiple Products

Grav is a file-based Web platform

2025-12-02
CVE-2025-66131
Analyzed
9.1
HP Multiple Products

Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Con...

2025-12-17
CVE-2025-66029
Analyzed
7.6
HP Multiple Products

Open OnDemand provides remote web access to supercomputers

2025-12-18
CVE-2025-65875
Analyzed
8.8
HP file

An arbitrary file upload vulnerability in the AddFont() function of FPDF v1

2026-02-04
CVE-2025-65791
Analyzed
9.8
HP ZoneMinder

ZoneMinder is vulnerable to remote command injection because user-supplied input is passed unsanitized to the exec() function in the image.php view.

2026-02-19
CVE-2025-65656
Analyzed
9.8
HP Multiple Products

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

2025-12-04
CVE-2025-65473
Analyzed
9.1
HP Multiple Products

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privil...

2025-12-12
CVE-2025-65358
Analyzed
9.8
HP Multiple Products

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.

2025-12-04
CVE-2025-65354
Analyzed
9.8
HP Multiple Products

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST par...

2025-12-24
CVE-2025-65135
Analyzed
9.8
HP through the

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.ph...

2026-04-15
CVE-2025-64767
Analyzed
9.1
HP Multiple Products

hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal()...

2025-11-22
CVE-2025-6464
7.5
HP Multiple Products

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up...

2025-07-06
CVE-2025-64519
Analyzed
8.8
HP Multiple Products

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php

2025-11-11
CVE-2025-64500
7.3
HP Multiple Products

Symfony is a PHP framework for web and console applications and a set of reusable PHP components

2025-11-14
CVE-2025-64360
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Ele...

2025-10-31
CVE-2025-64359
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting con...

2025-10-31
CVE-2025-64287
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel...

2025-11-06
CVE-2025-64284
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Sup...

2025-10-29
CVE-2025-64216
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-ma...

2025-10-29
CVE-2025-64205
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows...

2025-12-19
CVE-2025-64195
Analyzed
7.6
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows...

2025-10-29
CVE-2025-64128
Analyzed
10
HP Multiple Products

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting...

2025-11-27
CVE-2025-64081
Analyzed
9.8
HP Multiple Products

SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to ex...

2025-12-09
CVE-2025-64050
Analyzed
7.2
HP Multiple Products

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5

2025-11-26
CVE-2025-63939
Analyzed
9.8
HP Multiple Products

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sit...

2026-04-15
CVE-2025-63889
Analyzed
7.5
HP Multiple Products

The fetch function in file thinkphp\library\think\Template

2025-11-20
CVE-2025-63689
Analyzed
10
HP Multiple Products

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remot...

2025-11-08
CVE-2025-63622
Analyzed
9.8
HP Multiple Products

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.ph...

2025-10-30
CVE-2025-63611
Analyzed
8.7
HP Multiple Products

Cross-Site Scripting in phpgurukul Hostel Management System v2

2026-01-09
CVE-2025-63535
Analyzed
9.6
HP Multiple Products

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize...

2025-12-02
CVE-2025-63532
Analyzed
9.6
HP Multiple Products

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly saniti...

2025-12-02
CVE-2025-63531
Analyzed
10
HP Multiple Products

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly...

2025-12-02
CVE-2025-63525
Analyzed
9.6
HP Multiple Products

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted...

2025-12-02
CVE-2025-63453
Analyzed
9.8
HP Multiple Products

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.

2025-11-04
CVE-2025-63452
Analyzed
9.4
HP Multiple Products

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.

2025-11-04
CVE-2025-63451
Analyzed
9.8
HP Multiple Products

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.

2025-11-04
CVE-2025-63414
Analyzed
10
HP Multiple Products

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execu...

2025-12-17
CVE-2025-6327
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a W...

2025-11-06
CVE-2025-63076
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-...

2025-12-11
CVE-2025-63074
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allo...

2025-12-11
CVE-2025-63062
Analyzed
7.6
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-de...

2025-12-11
CVE-2025-63036
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme C...

2025-12-11
CVE-2025-63003
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North - Required P...

2025-12-11
CVE-2025-62959
Analyzed
9.1
HP Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Cod...

2025-10-27
CVE-2025-62878
Analyzed
9.9
HP HP Multiple Products

A parameter manipulation vulnerability in HP products allows users to create PersistentVolumes in unauthorized locations, leading to host file overwri...

2026-02-26
CVE-2025-62868
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows P...

2025-10-24
CVE-2025-62753
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allow...

2025-12-31
CVE-2025-62606
Analyzed
8.8
HP Multiple Products

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view

2025-10-22
CVE-2025-62521
Analyzed
10
HP Multiple Products

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's...

2025-12-18
CVE-2025-62519
Analyzed
7.2
HP Multiple Products

phpMyFAQ is an open source FAQ web application

2025-11-18
CVE-2025-62510
Analyzed
8.1
HP Multiple Products

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations

2025-10-20
CVE-2025-62509
Analyzed
8.1
HP Multiple Products

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations

2025-10-20
CVE-2025-62075
7.3
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Paymen...

2025-11-06
CVE-2025-62067
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory

2025-11-06
CVE-2025-62066
7.4
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolut...

2025-11-06
CVE-2025-62055
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Academist acade...

2025-11-06
CVE-2025-62054
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Fun...

2025-10-23
CVE-2025-62053
8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez

2025-11-06
CVE-2025-62045
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elem...

2025-11-06
CVE-2025-62029
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themesion Grevo grevo

2025-10-23
CVE-2025-62014
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok

2025-11-08
CVE-2025-62010
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Famita famita allow...

2025-11-08
CVE-2025-61934
Analyzed
10
HP Multiple Products

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an una...

2025-10-23
CVE-2025-61913
Analyzed
9.9
HP Multiple Products

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in...

2025-10-09
CVE-2025-61481
Analyzed
10
HP Multiple Products

An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management com...

2025-10-27
CVE-2025-61455
Analyzed
9.8
HP Multiple Products

SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorpor...

2025-10-20
CVE-2025-61314
7.3
HP component of

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt

2026-05-12
CVE-2025-61313
7.3
HP component of

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts

2026-05-12
CVE-2025-61312
7.3
HP component of

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess

2026-05-12
CVE-2025-61311
7.3
HP component of

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts

2026-05-12
CVE-2025-61247
Analyzed
8.2
HP Multiple Products

indieka900 online-shopping-system-php 1

2025-10-27
CVE-2025-61246
Analyzed
9.8
HP Multiple Products

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.

2026-01-09
CVE-2025-61168
Analyzed
9.8
HP Multiple Products

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.

2025-11-26
CVE-2025-60949
Analyzed
9.1
HP CSWeb

Census CSWeb 8.0.1 exposes the "app/config" directory via HTTP, allowing unauthenticated attackers to download configuration files and obtain sensitiv...

2026-03-24
CVE-2025-60786
Analyzed
8.8
HP Multiple Products

A Zip Slip vulnerability in the import a Project component of iceScrum v7

2025-12-16
CVE-2025-60736
Analyzed
9.8
HP Multiple Products

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

2025-12-04
CVE-2025-60316
Analyzed
9.4
HP Multiple Products

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter.

2025-10-10
CVE-2025-60248
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options...

2025-11-08
CVE-2025-60241
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce...

2025-11-08
CVE-2025-60240
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomme...

2025-11-08
CVE-2025-60225
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a...

2025-10-22
CVE-2025-60219
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This is...

2025-09-26
CVE-2025-60210
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.T...

2025-10-23
CVE-2025-60204
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Sto...

2025-11-06
CVE-2025-60203
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach Store Exporter...

2025-11-06
CVE-2025-60202
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favor...

2025-11-06
CVE-2025-60201
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Custome...

2025-11-06
CVE-2025-60200
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export I...

2025-11-06
CVE-2025-60199
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx InHype - Blog & Magazi...

2025-11-06
CVE-2025-60198
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content...

2025-11-06
CVE-2025-60197
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in owenr88 Simple Contact Forms...

2025-11-06
CVE-2025-60196
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Clearblue Clearblue® Ovulatio...

2025-11-06
CVE-2025-60194
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Product S...

2025-11-06
CVE-2025-60193
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Role...

2025-11-06
CVE-2025-60192
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale...

2025-11-06
CVE-2025-60191
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist...

2025-11-06
CVE-2025-60190
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hinnerk Altenburg Immocaster...

2025-11-06
CVE-2025-60174
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This...

2025-12-19
CVE-2025-60153
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe To Unlock...

2025-09-26
CVE-2025-60150
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe to Downlo...

2025-09-26
CVE-2025-60126
Analyzed
8.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider...

2025-09-26
CVE-2025-60091
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP...

2025-12-19
CVE-2025-60090
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gra...

2025-12-19
CVE-2025-60089
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects...

2025-12-19
CVE-2025-60075
Analyzed
7.1
HP Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS

2025-10-29
CVE-2025-60074
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer...

2025-11-06
CVE-2025-60072
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scrol...

2025-12-19
CVE-2025-60063
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rosalinda rosalin...

2025-12-19
CVE-2025-60055
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fabrica fabrica...

2025-12-19
CVE-2025-60054
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes OnLeash onleash...

2025-12-19
CVE-2025-60053
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube...

2025-12-19
CVE-2025-60052
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes W&D wd allows PH...

2025-12-19
CVE-2025-60051
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Rare Radio rarer...

2025-12-19
CVE-2025-60050
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allow...

2025-12-19
CVE-2025-60049
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleil soleil all...

2025-12-19
CVE-2025-5997
Analyzed
8.8
HP Multiple Products

Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse

2025-07-28
CVE-2025-59943
Analyzed
8.1
HP Multiple Products

phpMyFAQ is an open source FAQ web application

2025-10-03
CVE-2025-59939
Analyzed
8.8
HP Multiple Products

WeGIA is a Web manager for charitable institutions

2025-09-28
CVE-2025-59738
Analyzed
9.8
HP Multiple Products

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands...

2025-10-02
CVE-2025-59588
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PH...

2025-09-22
CVE-2025-59564
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall all...

2025-10-23
CVE-2025-59558
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allow...

2025-10-23
CVE-2025-59555
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin all...

2025-10-23
CVE-2025-59550
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allo...

2025-10-23
CVE-2025-59465
7.5
HP Multiple Products

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node

2026-01-21
CVE-2025-59304
Analyzed
9.8
HP Multiple Products

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted...

2025-09-17
CVE-2025-58973
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Add...

2025-09-22
CVE-2025-58967
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext a...

2025-10-23
CVE-2025-58963
Analyzed
9.8
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects M...

2025-10-23
CVE-2025-58958
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure...

2025-10-23
CVE-2025-58955
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allo...

2025-10-22
CVE-2025-58947
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allow...

2025-12-19
CVE-2025-58946
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allow...

2025-12-19
CVE-2025-58945
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow a...

2025-12-19
CVE-2025-58944
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manuf...

2025-12-19
CVE-2025-58943
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Agricola agricola...

2025-12-19
CVE-2025-58942
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allow...

2025-12-19
CVE-2025-58941
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric all...

2025-12-19
CVE-2025-58940
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allow...

2025-12-19
CVE-2025-58932
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma all...

2025-12-19
CVE-2025-58931
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Palatio palatio a...

2025-12-19
CVE-2025-58930
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex a...

2025-12-19
CVE-2025-58929
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry all...

2025-12-19
CVE-2025-58913
8.1
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows...

2026-04-11
CVE-2025-58898
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes HealthHub health...

2025-12-19
CVE-2025-58896
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku otaku allo...

2025-12-19
CVE-2025-58895
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Integro integro...

2025-12-19
CVE-2025-58894
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mo...

2025-12-19
CVE-2025-58893
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright a...

2025-12-19
CVE-2025-58892
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tourimo tourimo...

2025-12-19
CVE-2025-58891
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Sanger sanger al...

2025-12-19
CVE-2025-58890
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playful playful...

2025-12-19
CVE-2025-58889
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allow...

2025-12-19
CVE-2025-58885
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pathfinder pathf...

2025-12-19
CVE-2025-58879
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Festy festy allo...

2025-12-19
CVE-2025-58819
Analyzed
9.1
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue a...

2025-09-05
CVE-2025-58803
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix a...

2025-12-19
CVE-2025-58745
Analyzed
9.9
HP Multiple Products

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. Th...

2025-09-08
CVE-2025-58637
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart all...

2025-09-03
CVE-2025-58608
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PH...

2025-09-03
CVE-2025-58462
Analyzed
9.8
HP Multiple Products

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacke...

2025-09-09
CVE-2025-58215
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Loca...

2025-09-09
CVE-2025-58214
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri allows PHP Loc...

2025-09-05
CVE-2025-58206
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach allows PHP...

2025-09-05
CVE-2025-58159
Analyzed
9.9
HP Multiple Products

WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper...

2025-08-29
CVE-2025-58048
Analyzed
9.9
HP Multiple Products

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a...

2025-08-28
CVE-2025-5804
7.5
HP Program

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User a...

2026-04-12
CVE-2025-57925
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Tea...

2025-09-22
CVE-2025-57889
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery all...

2025-09-05
CVE-2025-57794
Analyzed
9.1
HP Multiple Products

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The applicat...

2026-01-29
CVE-2025-57567
Analyzed
9.1
HP Multiple Products

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme...

2025-10-17
CVE-2025-57151
Analyzed
8.8
HP Multiple Products

phpgurukul Complaint Management System 2

2025-09-03
CVE-2025-57150
Analyzed
7.2
HP Multiple Products

phpgurukul Complaint Management System in PHP 2

2025-09-04
CVE-2025-57148
Analyzed
9.1
HP Multiple Products

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.

2025-09-03
CVE-2025-57147
Analyzed
7.5
HP Multiple Products

A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2

2025-09-03
CVE-2025-57146
Analyzed
8.1
HP Multiple Products

phpgurukul Complaint Management System in PHP 2

2025-09-04
CVE-2025-57119
Analyzed
9.8
HP Multiple Products

An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function

2025-09-17
CVE-2025-56710
Analyzed
7.3
HP Multiple Products

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2

2025-09-15
CVE-2025-56265
Analyzed
8.8
HP Multiple Products

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1

2025-09-08
CVE-2025-56216
Analyzed
8.5
HP Multiple Products

phpgurukul Hospital Management System 4

2025-08-25
CVE-2025-56214
Analyzed
9.8
HP Multiple Products

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.

2025-08-26
CVE-2025-56212
Analyzed
9.8
HP Multiple Products

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.

2025-08-26
CVE-2025-56074
Analyzed
9.8
HP Multiple Products

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Th...

2025-09-22
CVE-2025-55849
Analyzed
8.4
HP Multiple Products

WeiPHP v5

2025-09-08
CVE-2025-55835
Analyzed
9.8
HP Multiple Products

File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.

2025-09-12
CVE-2025-55746
Analyzed
9.3
HP Multiple Products

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file upda...

2025-08-20
CVE-2025-55727
Analyzed
10
HP Multiple Products

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to versi...

2025-09-09
CVE-2025-55444
Analyzed
9.8
HP Multiple Products

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote att...

2025-08-21
CVE-2025-55287
Analyzed
8
HP Multiple Products

Genealogy is a family tree PHP application

2025-08-19
CVE-2025-54987
Analyzed
9.4
HP Multiple Products

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and e...

2025-08-05
CVE-2025-54948
KEV Analyzed
9.4
HP Multiple Products

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and e...

2025-08-05
CVE-2025-54762
Analyzed
9.8
HP Multiple Products

SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS co...

2025-08-28
CVE-2025-54750
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by F...

2025-08-20
CVE-2025-54716
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Loc...

2025-08-28
CVE-2025-54713
Analyzed
9.8
HP Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Ab...

2025-08-20
CVE-2025-54709
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala

2025-09-09
CVE-2025-54701
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP...

2025-08-14
CVE-2025-54700
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows P...

2025-08-14
CVE-2025-54693
Analyzed
9
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form...

2025-08-14
CVE-2025-54690
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP...

2025-08-14
CVE-2025-54689
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local...

2025-08-14
CVE-2025-54483
Analyzed
9.8
HP Multiple Products

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa...

2025-08-25
CVE-2025-54418
Analyzed
9.8
HP Multiple Products

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the...

2025-07-28
CVE-2025-54378
Analyzed
8.3
HP Multiple Products

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends

2025-07-28
CVE-2025-54336
Analyzed
9.8
HP Multiple Products

In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an at...

2025-08-19
CVE-2025-54138
Analyzed
7.5
HP Multiple Products

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating syst...

2025-07-23
CVE-2025-54119
Analyzed
10
HP Multiple Products

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper...

2025-08-05
CVE-2025-54052
7.5
HP Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin allows PHP Local File Inclusion

2025-08-20
CVE-2025-54034
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletter...

2025-08-20
CVE-2025-54031
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows...

2025-08-20
CVE-2025-54028
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 W...

2025-08-20
CVE-2025-54017
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscr...

2025-08-20
CVE-2025-53970
Analyzed
9.8
HP Multiple Products

SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS co...

2025-08-28
CVE-2025-53578
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kipso allows PHP Local...

2025-08-28
CVE-2025-53577
Analyzed
10
HP Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global DN...

2025-08-20
CVE-2025-53576
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ovatheme Events allo...

2025-08-28
CVE-2025-53567
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit allows PHP Local...

2025-08-20
CVE-2025-53529
Analyzed
9.8
HP Multiple Products

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php end...

2025-07-07
CVE-2025-53484
Analyzed
9.8
HP Multiple Products

User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) * ResultPage::getPagesTab() and getErrorsTab() (us...

2025-07-08
CVE-2025-53453
Analyzed
8.2
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allow...

2025-12-19
CVE-2025-53450
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table...

2025-09-22
CVE-2025-53433
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes EasyEat easyeat...

2025-12-19
CVE-2025-53429
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Exit Game exit-g...

2025-12-19
CVE-2025-53334
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP Loc...

2025-08-28
CVE-2025-53328
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Assaf Parag Poll, Survey & Qu...

2025-08-28
CVE-2025-53326
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodeYatri Gutenify allows PHP...

2025-08-28
CVE-2025-53303
Analyzed
8.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection

2025-09-09
CVE-2025-53248
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine allows PHP...

2025-08-28
CVE-2025-53247
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPInterface BlogMarks allows...

2025-08-28
CVE-2025-53244
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Elite allow...

2025-08-28
CVE-2025-53227
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Saga allows...

2025-08-28
CVE-2025-53216
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeUniver Glamer allows PHP...

2025-08-28
CVE-2025-53210
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows PH...

2025-08-20
CVE-2025-53207
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg...

2025-08-20
CVE-2025-53204
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist allows PHP...

2025-08-20
CVE-2025-53198
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP...

2025-08-20
CVE-2025-52807
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCo...

2025-07-05
CVE-2025-52806
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP L...

2025-08-14
CVE-2025-52805
7.5
HP Multiple Products

Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion

2025-07-06
CVE-2025-52779
Analyzed
7.1
HP Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Re...

2025-07-16
CVE-2025-52768
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Faith & Hope fai...

2025-12-19
CVE-2025-52761
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a...

2025-08-28
CVE-2025-52745
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Farm Agrico farm...

2025-12-19
CVE-2025-52728
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Pos...

2025-08-14
CVE-2025-52716
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PH...

2025-08-14
CVE-2025-52691
KEV Analyzed
10
HP Multiple Products

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, pot...

2025-12-29
CVE-2025-52577
Analyzed
8.8
HP Multiple Products

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet

2025-07-11
CVE-2025-5243
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabil...

2025-07-25
CVE-2025-52390
Analyzed
9.1
HP Multiple Products

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in...

2025-08-01
CVE-2025-52353
Analyzed
9.8
HP Multiple Products

An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP c...

2025-08-27
CVE-2025-52239
Analyzed
9.8
HP Multiple Products

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

2025-08-05
CVE-2025-52203
Analyzed
7.6
HP Multiple Products

A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1

2025-07-31
CVE-2025-52021
Analyzed
9.8
HP Multiple Products

A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter...

2025-10-08
CVE-2025-51958
Analyzed
9.8
HP Multiple Products

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcomma...

2026-01-31
CVE-2025-51567
Analyzed
9.1
HP Multiple Products

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary...

2026-01-13
CVE-2025-50972
Analyzed
9.8
HP Multiple Products

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index...

2025-08-27
CVE-2025-50881
8.8
HP code after

The `flow/admin/moniteur

2026-03-18
CVE-2025-50870
Analyzed
9.8
HP Multiple Products

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an em...

2025-08-01
CVE-2025-50857
Analyzed
9.8
HP ZenTaoPMS

ZenTaoPMS is vulnerable to a directory traversal flaw in its AI module, enabling unauthenticated attackers to achieve remote code execution via malici...

2026-02-27
CVE-2025-50722
Analyzed
9.8
HP Multiple Products

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component

2025-08-25
CVE-2025-50707
Analyzed
9.8
HP Multiple Products

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component

2025-08-05
CVE-2025-50706
Analyzed
9.8
HP Multiple Products

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function

2025-08-05
CVE-2025-50674
Analyzed
7.8
HP Multiple Products

An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user

2025-08-23
CVE-2025-50567
Analyzed
10
HP Multiple Products

Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (ev...

2025-08-19
CVE-2025-50197
7.2
HP via the

Chamilo is a learning management system

2026-03-04
CVE-2025-50196
7.2
HP via the

Chamilo is a learning management system

2026-03-04
CVE-2025-50195
7.2
HP Multiple Products

Chamilo is a learning management system

2026-03-04
CVE-2025-50194
7.2
HP Multiple Products

Chamilo is a learning management system

2026-03-04
CVE-2025-50193
7.2
HP with the

Chamilo is a learning management system

2026-03-04
CVE-2025-50191
7.2
HP script

Chamilo is a learning management system

2026-03-04
CVE-2025-50189
8.8
HP Multiple Products

Chamilo is a learning management system

2026-03-04
CVE-2025-50188
7.2
HP and

Chamilo is a learning management system

2026-03-04
CVE-2025-49943
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Femme femme allo...

2025-12-19
CVE-2025-49942
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gardis gardis al...

2025-12-19
CVE-2025-49941
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes GlamChic glamchi...

2025-12-19
CVE-2025-49935
7.4
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allo...

2025-10-23
CVE-2025-49921
7.3
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CrocoBlock JetReviews jet-rev...

2025-10-23
CVE-2025-49405
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP...

2025-08-28
CVE-2025-49401
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in ExpressTech Systems Quiz And Survey Master allows Object Injection. This issue affects Quiz And Sur...

2025-09-05
CVE-2025-49387
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell t...

2025-08-28
CVE-2025-49383
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP L...

2025-08-28
CVE-2025-49371
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Strux strux allo...

2025-12-19
CVE-2025-49370
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lymcoin lymcoin...

2025-12-19
CVE-2025-49369
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce...

2025-12-19
CVE-2025-49368
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladi...

2025-12-19
CVE-2025-49367
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Monyxi monyxi al...

2025-12-19
CVE-2025-49366
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani al...

2025-12-19
CVE-2025-49365
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-w...

2025-12-19
CVE-2025-49364
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise l...

2025-12-19
CVE-2025-49363
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens k...

2025-12-19
CVE-2025-49362
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioz...

2025-12-19
CVE-2025-49361
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita al...

2025-12-19
CVE-2025-49360
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology mil...

2025-12-19
CVE-2025-49359
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shie...

2025-12-19
CVE-2025-49271
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge T...

2025-08-14
CVE-2025-49264
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services...

2025-08-14
CVE-2025-49070
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi allows PHP L...

2025-07-06
CVE-2025-49060
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue aff...

2025-10-23
CVE-2025-49036
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addo...

2025-08-14
CVE-2025-48396
Analyzed
8.3
HP Multiple Products

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS

2025-11-04
CVE-2025-48338
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-...

2025-10-23
CVE-2025-48332
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks...

2025-08-14
CVE-2025-48302
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows PHP...

2025-08-20
CVE-2025-48300
Analyzed
9.1
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg allows Upload a Web Shell to a Web Server. This issue affects...

2025-07-16
CVE-2025-48298
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for M...

2025-08-20
CVE-2025-48293
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows...

2025-08-14
CVE-2025-48171
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store allows PHP...

2025-08-20
CVE-2025-48160
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris allows PHP...

2025-08-20
CVE-2025-48157
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allo...

2025-08-20
CVE-2025-48149
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP L...

2025-08-20
CVE-2025-47627
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail A...

2025-07-06
CVE-2025-47571
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder

2025-09-09
CVE-2025-4665
Analyzed
9.6
HP Multiple Products

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades...

2025-10-29
CVE-2025-46384
Analyzed
8.8
HP Multiple Products

CWE-434 Unrestricted Upload of File with Dangerous Type

2025-07-21
CVE-2025-45805
Analyzed
7.6
HP Multiple Products

In phpgurukul Doctor Appointment Management System 1

2025-09-03
CVE-2025-45769
Analyzed
7.3
HP Multiple Products

php-jwt v6

2025-07-31
CVE-2025-45065
Analyzed
9.8
HP Multiple Products

employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.

2025-07-08
CVE-2025-44823
Analyzed
9.9
HP Multiple Products

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/syst...

2025-10-07
CVE-2025-4414
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content...

2025-07-06
CVE-2025-44137
Analyzed
8.2
HP Multiple Products

MapTiler Tileserver-php v2

2025-07-29
CVE-2025-44136
Analyzed
9.8
HP Multiple Products

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html enco...

2025-07-29
CVE-2025-41737
Analyzed
7.5
HP Multiple Products

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules

2025-11-19
CVE-2025-41736
Analyzed
8.8
HP Multiple Products

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resul...

2025-11-19
CVE-2025-41734
Analyzed
9.8
HP Multiple Products

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

2025-11-19
CVE-2025-40692
Analyzed
9.8
HP Multiple Products

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete databas...

2025-09-12
CVE-2025-40691
Analyzed
9.8
HP Multiple Products

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete databas...

2025-09-12
CVE-2025-40690
Analyzed
9.8
HP Multiple Products

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete databas...

2025-09-12
CVE-2025-40689
Analyzed
9.8
HP Multiple Products

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete databas...

2025-09-12
CVE-2025-40687
Analyzed
9.8
HP Multiple Products

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete databas...

2025-09-12
CVE-2025-37164
KEV Analyzed
10
HP Multiple Products

A remote code execution issue exists in HPE OneView.

2025-12-17
CVE-2025-37163
7.2
HP Multiple Products

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform

2025-11-19
CVE-2025-37127
Analyzed
7.2
HP Multiple Products

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to ga...

2025-09-16
CVE-2025-37126
Analyzed
7.2
HP Multiple Products

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run ar...

2025-09-16
CVE-2025-37125
7.5
HP Multiple Products

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS)

2025-09-16
CVE-2025-37124
Analyzed
8.6
HP Multiple Products

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections

2025-09-16
CVE-2025-37123
Analyzed
8.8
HP Multiple Products

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to esca...

2025-09-16
CVE-2025-37107
Analyzed
7.3
HP Multiple Products

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-16
CVE-2025-37106
Analyzed
7.3
HP Multiple Products

An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-16
CVE-2025-37105
Analyzed
7.5
HP Multiple Products

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-16
CVE-2025-37104
7.1
HP Multiple Products

A security vulnerability has been identified in HPE Telco Service Orchestrator software

2025-07-16
CVE-2025-37103
Analyzed
9.8
HP Multiple Products

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device aut...

2025-07-08
CVE-2025-37099
Analyzed
9.8
HP Multiple Products

A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

2025-07-06
CVE-2025-37098
7.5
HP Multiple Products

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7

2025-07-06
CVE-2025-37097
7.5
HP Multiple Products

A vulnerability in HPE Insight Remote Support (IRS) prior to v7

2025-07-06
CVE-2025-3703
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript...

2025-08-14
CVE-2025-36846
Analyzed
9.8
HP Multiple Products

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated us...

2025-07-22
CVE-2025-32657
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slide...

2025-10-23
CVE-2025-32304
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP...

2026-01-07
CVE-2025-32288
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensio...

2025-08-14
CVE-2025-31048
Analyzed
9.9
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: fro...

2026-01-06
CVE-2025-30949
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram:...

2025-07-16
CVE-2025-30635
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allow...

2025-08-14
CVE-2025-29009
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web She...

2025-07-16
CVE-2025-28979
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP...

2025-08-14
CVE-2025-27724
Analyzed
9.3
HP Multiple Products

A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file...

2025-07-28
CVE-2025-27224
Analyzed
9.8
HP Multiple Products

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitiz...

2025-10-28
CVE-2025-25174
Analyzed
10
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensi...

2025-08-14
CVE-2025-25172
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP...

2025-08-14
CVE-2025-24775
Analyzed
9.9
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms:...

2025-08-14
CVE-2025-24766
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine...

2025-08-14
CVE-2025-22712
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify al...

2026-01-09
CVE-2025-22708
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allow...

2026-01-09
CVE-2025-22707
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allo...

2026-01-09
CVE-2025-22509
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allow...

2026-01-09
CVE-2025-22470
Analyzed
9.8
HP Multiple Products

CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary...

2025-08-07
CVE-2025-15457
Analyzed
7.3
HP Multiple Products

A vulnerability was found in bg5sbk MiniCMS up to 1

2026-01-05
CVE-2025-15456
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in bg5sbk MiniCMS up to 1

2026-01-05
CVE-2025-15263
Analyzed
7.3
HP Multiple Products

A weakness has been identified in BiggiDroid Simple PHP CMS 1

2025-12-31
CVE-2025-15240
Analyzed
8.8
HP Multiple Products

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to...

2026-01-05
CVE-2025-15228
Analyzed
9.8
HP Multiple Products

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and exec...

2025-12-29
CVE-2025-15226
Analyzed
9.8
HP Multiple Products

WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoo...

2025-12-29
CVE-2025-15142
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c

2025-12-29
CVE-2025-15067
Analyzed
7.7
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server

2025-12-29
CVE-2025-14926
Analyzed
7.8
HP Multiple Products

Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability

2025-12-24
CVE-2025-14509
Analyzed
7.2
HP Multiple Products

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1

2025-12-31
CVE-2025-14502
Analyzed
9.8
HP Multiple Products

The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the templat...

2026-01-14
CVE-2025-14476
Analyzed
8.8
HP Multiple Products

The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1

2025-12-14
CVE-2025-14431
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allow...

2026-01-09
CVE-2025-14430
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Busi...

2026-01-09
CVE-2025-14429
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland a...

2026-01-09
CVE-2025-14388
Analyzed
9.8
HP Multiple Products

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including,...

2025-12-24
CVE-2025-14359
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine oshin a...

2026-01-09
CVE-2025-14301
Analyzed
9.8
HP Multiple Products

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is du...

2026-01-14
CVE-2025-14091
Analyzed
7.3
HP Multiple Products

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555

2025-12-06
CVE-2025-14071
Analyzed
7.5
HP Multiple Products

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2

2025-12-21
CVE-2025-14044
Analyzed
8.1
HP Multiple Products

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1

2025-12-13
CVE-2025-13888
Analyzed
9.1
HP Multiple Products

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated perm...

2025-12-16
CVE-2025-13786
Analyzed
7.3
HP Multiple Products

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665

2025-12-01
CVE-2025-13773
Analyzed
9.8
HP Multiple Products

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5...

2025-12-24
CVE-2025-13675
Analyzed
9.8
HP Multiple Products

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.p...

2025-11-28
CVE-2025-13597
Analyzed
9.8
HP Multiple Products

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all ve...

2025-11-26
CVE-2025-13595
Analyzed
9.8
HP Multiple Products

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all...

2025-11-26
CVE-2025-13555
Analyzed
7.3
HP Multiple Products

A vulnerability was detected in Campcodes School File Management System 1

2025-11-23
CVE-2025-13247
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Tourism Management System 1

2025-11-17
CVE-2025-13145
Analyzed
7.2
HP Multiple Products

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includin...

2025-11-20
CVE-2025-13035
Analyzed
8
HP Multiple Products

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3

2025-11-20
CVE-2025-12867
Analyzed
7.2
HP Multiple Products

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell ba...

2025-11-11
CVE-2025-12844
Analyzed
7.1
HP Multiple Products

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3

2025-11-14
CVE-2025-12550
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes OchaHouse ochahouse...

2026-01-09
CVE-2025-12549
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop...

2026-01-09
CVE-2025-12248
Analyzed
7.3
HP Multiple Products

A security vulnerability has been detected in CLTPHP 3

2025-10-27
CVE-2025-12099
Analyzed
7.2
HP Multiple Products

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up t...

2025-11-09
CVE-2025-11993
Analyzed
8.8
HP is vulnerable

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1

2026-05-29
CVE-2025-11675
Analyzed
7.2
HP Multiple Products

Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute we...

2025-10-13
CVE-2025-11507
Analyzed
7.3
HP Multiple Products

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1

2025-10-08
CVE-2025-11506
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1

2025-10-08
CVE-2025-11505
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1

2025-10-08
CVE-2025-11503
Analyzed
7.3
HP Multiple Products

A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1

2025-10-08
CVE-2025-11416
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1

2025-10-07
CVE-2025-11415
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1

2025-10-07
CVE-2025-11053
Analyzed
7.3
HP Multiple Products

A weakness has been identified in PHPGurukul Small CRM 4

2025-09-28
CVE-2025-11023
Analyzed
9.8
HP Multiple Products

Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...

2025-10-23
CVE-2025-10967
Analyzed
7.3
HP Multiple Products

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9

2025-09-25
CVE-2025-10664
Analyzed
7.3
HP Multiple Products

A vulnerability was determined in PHPGurukul Small CRM 4

2025-09-18
CVE-2025-10663
Analyzed
7.3
HP Multiple Products

A vulnerability was found in PHPGurukul Online Course Registration 3

2025-09-18
CVE-2025-10659
Analyzed
9.8
HP Multiple Products

The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-suppl...

2025-09-30
CVE-2025-10624
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul User Management System 1

2025-09-18
CVE-2025-10604
Analyzed
7.3
HP Multiple Products

A vulnerability was identified in PHPGurukul Online Discussion Forum 1

2025-09-18
CVE-2025-10603
Analyzed
7.3
HP Multiple Products

A vulnerability was determined in PHPGurukul Online Discussion Forum 1

2025-09-18
CVE-2025-10484
Analyzed
9.8
HP Multiple Products

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, a...

2026-01-17
CVE-2025-10459
Analyzed
7.3
HP Multiple Products

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1

2025-09-15
CVE-2025-10403
Analyzed
7.3
HP Multiple Products

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1

2025-09-14
CVE-2025-10402
Analyzed
7.3
HP Multiple Products

A flaw has been found in PHPGurukul Beauty Parlour Management System 1

2025-09-14
CVE-2025-10079
Analyzed
7.3
HP Multiple Products

A flaw has been found in PHPGurukul Small CRM 4

2025-09-08
CVE-2024-55270
8.8
HP Multiple Products

phpgurukul Student Management System 1

2026-02-18
CVE-2024-54263
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allow...

2026-02-02
CVE-2024-51770
7.5
HP Multiple Products

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-15
CVE-2024-51769
Analyzed
7.5
HP Multiple Products

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-14
CVE-2024-51768
Analyzed
8
HP Multiple Products

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-14
CVE-2024-51767
Analyzed
7.3
HP Multiple Products

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

2025-07-14
CVE-2024-51092
Analyzed
9.1
HP Multiple Products

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsC...

2026-05-09
CVE-2024-45438
Analyzed
9.1
HP Multiple Products

An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within t...

2025-08-21
CVE-2024-44659
Analyzed
9.8
HP Multiple Products

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.

2025-11-18
CVE-2024-44373
Analyzed
9.8
HP Multiple Products

A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and remote code execution via the path...

2025-08-19
CVE-2024-44065
Analyzed
9.8
HP Multiple Products

Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.

2025-12-27
CVE-2024-14010
Analyzed
9.8
HP Multiple Products

Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Atta...

2025-12-13
CVE-2024-13786
Analyzed
9.8
HP Multiple Products

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted...

2025-07-05
CVE-2023-54352
Analyzed
9.8
HP Seotheme

WordPress Seotheme contains a critical remote code execution vulnerability allowing unauthenticated attackers to upload and execute arbitrary PHP file...

2026-06-08
CVE-2023-54350
Analyzed
7.5
HP Augmented-Reality plugin

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to u...

2026-06-08
CVE-2023-54339
Analyzed
9.8
HP Multiple Products

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter...

2026-01-14
CVE-2023-54335
Analyzed
9.8
HP Multiple Products

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request....

2026-01-14
CVE-2023-53980
Analyzed
9.8
HP Multiple Products

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Atta...

2025-12-23
CVE-2023-53979
Analyzed
8.8
HP Multiple Products

MyBB 1

2025-12-23
CVE-2023-53971
Analyzed
8.8
HP Multiple Products

WebTareas 2

2025-12-23
CVE-2023-53963
Analyzed
9.8
HP Multiple Products

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary sh...

2025-12-23
CVE-2023-53957
Analyzed
9.8
HP Multiple Products

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers c...

2025-12-20
CVE-2023-53950
Analyzed
9.8
HP Multiple Products

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through...

2025-12-20
CVE-2023-53941
Analyzed
9.8
HP Multiple Products

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by in...

2025-12-19
CVE-2023-53930
Analyzed
9.8
HP Multiple Products

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipu...

2025-12-18
CVE-2023-53929
Analyzed
8.8
HP Multiple Products

phpMyFAQ 3

2025-12-18
CVE-2023-53927
Analyzed
8.8
HP Multiple Products

PHPJabbers Simple CMS 5

2025-12-18
CVE-2023-53926
Analyzed
9.8
HP Multiple Products

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries...

2025-12-18
CVE-2023-53923
Analyzed
9.8
HP Multiple Products

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserCo...

2025-12-18
CVE-2023-53922
Analyzed
9.8
HP Multiple Products

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload m...

2025-12-18
CVE-2023-53921
Analyzed
9.8
HP Multiple Products

SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. A...

2025-12-18
CVE-2023-53914
Analyzed
9.8
HP Multiple Products

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in t...

2025-12-18
CVE-2023-53894
Analyzed
9.8
HP Multiple Products

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash valid...

2025-12-17
CVE-2023-53888
Analyzed
8.8
HP code through

Zomplog 3

2026-05-26
CVE-2023-50897
Analyzed
9.1
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media Fi...

2026-01-06
CVE-2022-50972
Analyzed
9.8
HP WooCommerce

WooCommerce 7.1.0 contains a remote code execution vulnerability allowing attackers to inject arbitrary PHP code via the product-type parameter.

2026-06-21
CVE-2022-50944
8.8
HP code injection

Aero CMS 0

2026-05-10
CVE-2022-50912
Analyzed
9.8
HP Multiple Products

ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. At...

2026-01-14
CVE-2022-50911
Analyzed
8.8
HP Multiple Products

Bitrix24 contains an authenticated remote code execution vulnerability that allows logged-in attackers to execute arbitrary system commands through th...

2026-01-14
CVE-2022-50905
Analyzed
9.8
HP Multiple Products

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS tha...

2026-01-14
CVE-2022-50894
Analyzed
9.8
HP Multiple Products

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting S...

2026-01-14
CVE-2022-50893
Analyzed
9.8
HP Multiple Products

VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a...

2026-01-14
CVE-2022-50794
Analyzed
9.8
HP Multiple Products

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers c...

2025-12-31
CVE-2022-50695
Analyzed
9.8
HP Multiple Products

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary ho...

2025-12-31
CVE-2022-50690
Analyzed
8.4
HP Multiple Products

Wondershare MirrorGo 2

2025-12-23
CVE-2021-47976
Analyzed
8.8
HP files by

TextPattern CMS 4

2026-05-17
CVE-2021-47966
8.2
HP Timeclock

PHP Timeclock 1

2026-05-16
CVE-2021-47964
8.8
HP code by

Schlix CMS 2

2026-05-16
CVE-2021-47956
Analyzed
8.2
HP with malicious

EgavilanMedia PHPCRUD 1

2026-05-17
CVE-2021-47943
8.8
HP files through

TextPattern CMS 4

2026-05-10
CVE-2021-47940
Analyzed
9.8
HP Plugin Download

An arbitrary file upload vulnerability in the Plugin Download WordPress plugin allows unauthenticated attackers to upload and execute malicious files...

2026-05-10
CVE-2021-47939
8.8
HP code into

Evolution CMS 3

2026-05-10
CVE-2021-47938
Analyzed
8.8
HP code by

ImpressCMS 1

2026-05-10
CVE-2021-47937
Analyzed
8.8
HP endpoint that

e107 CMS 2

2026-05-10
CVE-2021-47936
Analyzed
9.8
HP files disguised

A remote code execution vulnerability in OpenCATS allows unauthenticated attackers to execute arbitrary system commands by uploading malicious PHP fil...

2026-05-10
CVE-2021-47915
Analyzed
8.1
HP Multiple Products

PHP Melody version 3

2026-02-02
CVE-2021-47909
Analyzed
8.1
HP Multiple Products

Mult-E-Cart Ultimate 2

2026-02-02
CVE-2021-47900
Analyzed
9.8
HP Multiple Products

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system comma...

2026-01-28
CVE-2021-47853
Analyzed
8.8
HP Multiple Products

phpPgAdmin 7

2026-01-22
CVE-2021-47819
Analyzed
9.8
HP Multiple Products

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code exec...

2026-01-16
CVE-2021-47760
Analyzed
9.8
HP Multiple Products

TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can downl...

2026-01-16
CVE-2021-47753
Analyzed
9.8
HP Multiple Products

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file...

2026-01-16
CVE-2021-4473
Analyzed
9.8
HP files into

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated...

2026-04-08
CVE-2020-37227
Analyzed
8.8
HP to achieve

HS Brand Logo Slider 2

2026-05-17
CVE-2020-37186
Analyzed
9.8
HP shell file

Chevereto 3.13.4 Core contains a remote code execution vulnerability where attackers can inject a PHP shell via the database table prefix parameter du...

2026-02-12
CVE-2020-37173
7.5
HP endpoint

AVideo Platform 8

2026-02-13
CVE-2020-37151
8.2
HP page through

phpMyChat Plus 1

2026-02-06
CVE-2020-37147
7.1
HP script to

ATutor 2

2026-02-07
CVE-2020-37141
8.2
HP script through

AMSS++ version 4

2026-02-07
CVE-2020-37123
Analyzed
9.8
HP to write

Pinger 1.0 contains a remote code execution vulnerability where unauthenticated attackers can inject shell commands into the ping and socket parameter...

2026-02-06
CVE-2020-37116
Analyzed
8.8
HP file to

GUnet OpenEclass 1

2026-02-04
CVE-2020-37113
Analyzed
8.8
HP file to

GUnet OpenEclass 1

2026-02-04
CVE-2020-37110
Analyzed
8.2
HP and common

60CycleCMS 2

2026-02-04
CVE-2020-37108
7.1
HP that allows

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail

2026-02-04
CVE-2020-37105
7.1
HP endpoint with

PMB 5

2026-02-04
CVE-2020-37090
Analyzed
9.8
HP files to

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can uplo...

2026-02-04
CVE-2020-37088
Analyzed
7.5
HP Multiple Products

School ERP Pro 1

2026-02-04
CVE-2020-37083
Analyzed
8.2
HP AddressBook

PHP AddressBook 9

2026-02-04
CVE-2020-37081
7.1
HP that allow

Fishing Reservation System 7

2026-02-04
CVE-2020-37080
Analyzed
9.8
HP administration component

webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete...

2026-02-04
CVE-2020-37076
Analyzed
8.2
HP that allows

Victor CMS version 1

2026-02-04
CVE-2020-37073
Analyzed
8.8
HP files with

Victor CMS 1

2026-02-04
CVE-2020-37071
Analyzed
9.8
HP code through

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a c...

2026-02-04
CVE-2020-37035
Analyzed
8.2
HP Multiple Products

e-Learning PHP Script 0

2026-01-31
CVE-2020-37012
Analyzed
9.8
HP Multiple Products

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /ap...

2026-01-30
CVE-2020-36997
Analyzed
9.8
HP Multiple Products

BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malic...

2026-01-30
CVE-2020-36951
Analyzed
8.2
HP Multiple Products

Phpscript-sgh 0

2026-01-28
CVE-2020-26799
Analyzed
9.8
HP Multiple Products

A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal oth...

2025-07-22
CVE-2019-25763
Analyzed
9.8
HP Ultimate Addons for Beaver Builder

Ultimate Addons for Beaver Builder contains an authentication bypass flaw in its social login functionality, allowing unauthorized access via crafted...

2026-06-21
CVE-2019-25727
Analyzed
9.8
HP Plugin ad manager wd

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability allowing unauthenticated attackers to read sensitive system fi...

2026-06-05
CVE-2019-25710
8.2
HP endpoint that

Dolibarr ERP-CRM 8

2026-04-13
CVE-2019-25707
7.1
HP with crafted

eBrigade ERP 4

2026-04-13
CVE-2019-25703
7.1
HP endpoint with

ImpressCMS 1

2026-04-13
CVE-2019-25697
8.2
HP with malicious

CMSsite 1

2026-04-13
CVE-2019-25693
7.1
HP Multiple Products

ResourceSpace 8

2026-04-13
CVE-2019-25687
Analyzed
9.8
HP CMS

Pegasus CMS 1.0 is vulnerable to unauthenticated remote code execution via the extra_fields.php plugin due to unsafe eval() usage.

2026-04-06
CVE-2019-25685
8.8
HP objects that

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functio...

2026-04-06
CVE-2019-25678
8.2
HP endpoint with

C4G Basic Laboratory Information System 3

2026-04-06
CVE-2019-25675
8.2
HP to read

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose se...

2026-04-06
CVE-2019-25674
8.2
HP with malicious

CMSsite 1

2026-04-06
CVE-2019-25673
8.8
HP files with

UniSharp Laravel File Manager v2

2026-04-06
CVE-2019-25668
Analyzed
8.2
HP News Website Script

News Website Script 2

2026-04-06
CVE-2019-25664
7.1
HP endpoint to

SuiteCRM 7

2026-04-06
CVE-2019-25647
8.8
HP files by

PhreeBooks ERP 5

2026-03-25
CVE-2019-25643
8.2
HP with crafted

eNdonesia Portal v8

2026-03-25
CVE-2019-25642
8.2
HP Multiple Products

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting mali...

2026-03-25
CVE-2019-25641
8.2
HP with malicious

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL...

2026-03-25
CVE-2019-25640
8.2
HP to extract

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and...

2026-03-25
CVE-2019-25636
8.2
HP with malicious

Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code...

2026-03-25
CVE-2019-25630
8.8
HP files through

PhreeBooks ERP 5

2026-03-25
CVE-2019-25613
7.5
HP endpoint and

Easy Chat Server 3

2026-03-23
CVE-2019-25580
8.2
HP with crafted

ownDMS 4

2026-03-22
CVE-2019-25579
Analyzed
7.5
HP Multiple Products

phpTransformer 2016

2026-03-22
CVE-2019-25578
8.2
HP with SQL

phpTransformer 2016

2026-03-22
CVE-2019-25573
7.1
HP with

Green CMS 2

2026-03-22
CVE-2019-25543
8.2
HP with malicious

Netartmedia Real Estate Portal 5

2026-03-13
CVE-2019-25542
8.2
HP with malicious

Netartmedia Real Estate Portal 5

2026-03-13
CVE-2019-25541
8.2
HP Mall

Netartmedia PHP Mall 4

2026-03-13
CVE-2019-25540
8.2
HP Mall

Netartmedia PHP Mall 4

2026-03-13
CVE-2019-25539
8.2
HP with crafted

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL cod...

2026-03-13
CVE-2019-25537
8.2
HP with malicious

Netartmedia Event Portal 2

2026-03-13
CVE-2019-25536
8.2
HP Real Estate

Netartmedia PHP Real Estate Agency 4

2026-03-13
CVE-2019-25535
8.2
HP Dating Site

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting S...

2026-03-13
CVE-2019-25534
8.2
HP Car Dealer

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting...

2026-03-13
CVE-2019-25533
8.2
HP Business Directory

Netartmedia PHP Business Directory 4

2026-03-13
CVE-2019-25532
8.2
HP with crafted

Netartmedia Jobs Portal 6

2026-03-13
CVE-2019-25531
8.2
HP that allows

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction

2026-03-13
CVE-2019-25530
8.2
HP with malicious

uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL cod...

2026-03-13
CVE-2019-25524
8.2
HP with malicious

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-03-13
CVE-2019-25523
8.2
HP with malicious

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-03-13
CVE-2019-25522
8.2
HP with malicious

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL...

2026-03-13
CVE-2019-25521
8.2
HP with malicious

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-03-13
CVE-2019-25520
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated atta...

2026-03-13
CVE-2019-25519
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ma...

2026-03-13
CVE-2019-25518
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...

2026-03-13
CVE-2019-25517
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...

2026-03-13
CVE-2019-25516
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...

2026-03-13
CVE-2019-25515
7.5
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login

2026-03-14
CVE-2019-25514
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the k...

2026-03-13
CVE-2019-25513
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...

2026-03-13
CVE-2019-25512
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the k...

2026-03-13
CVE-2019-25511
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...

2026-03-13
CVE-2019-25510
8.2
HP Hazir Haber

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated atta...

2026-03-13
CVE-2019-25509
8.2
HP with malicious

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-03-13
CVE-2019-25508
8.2
HP Hazir Ilan

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries...

2026-03-13
CVE-2019-25507
8.2
HP with malicious

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting...

2026-03-05
CVE-2019-25506
8.2
HP Multiple Products

FreeSMS 2

2026-03-05
CVE-2019-25503
7.1
HP Multiple Products

PHPads 2

2026-03-05
CVE-2019-25501
8.2
HP with crafted

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through...

2026-03-05
CVE-2019-25499
8.2
HP with malicious

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-03-05
CVE-2019-25497
8.2
HP with malicious

osCommerce 2

2026-02-28
CVE-2019-25496
8.2
HP requests and

osCommerce 2

2026-02-28
CVE-2019-25495
8.2
HP with malicious

osCommerce 2

2026-02-28
CVE-2019-25493
8.2
HP endpoint with

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throug...

2026-02-28
CVE-2019-25492
8.2
HP endpoint with

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throug...

2026-02-28
CVE-2019-25491
8.2
HP endpoint with

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throug...

2026-02-28
CVE-2019-25490
8.2
HP endpoint with

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through...

2026-02-28
CVE-2019-25488
8.2
HP endpoint to

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipul...

2026-03-13
CVE-2019-25482
8.2
HP Hazir Rent

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database qu...

2026-03-13
CVE-2019-25471
Analyzed
9.8
HP FileThingie

FileThingie 2.5.7 is vulnerable to arbitrary file upload via the ft2.php endpoint, allowing attackers to execute remote commands by uploading and unzi...

2026-03-12
CVE-2019-25454
7.2
HP with script

phpMoAdmin 1

2026-02-22
CVE-2019-25452
8.2
HP endpoint that

Dolibarr ERP/CRM 10

2026-02-23
CVE-2019-25450
7.1
HP endpoints to

Dolibarr ERP/CRM 10

2026-02-23
CVE-2019-25446
8.2
HP with malicious

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code t...

2026-02-23
CVE-2019-25443
8.2
HP to execute

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th...

2026-02-23
CVE-2019-25440
8.2
HP with malicious

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code throu...

2026-02-23
CVE-2019-25438
8.2
HP or the

LabCollector 5

2026-02-21
CVE-2019-25433
8.2
HP endpoint with

XOOPS CMS 2

2026-02-23
CVE-2019-25391
8.2
HP endpoint with

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the...

2026-02-23
CVE-2019-25342
7.5
HP endpoint with

Centova Cast 3

2026-02-14
CVE-2019-25337
Analyzed
9.8
HP parameter to

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endp...

2026-02-13
CVE-2019-25325
8.2
HP endpoint that

Thrive Smart Home 1

2026-02-13
CVE-2019-25260
Analyzed
8.2
HP code into

OXID eShop versions 6

2026-02-04
CVE-2018-25425
Analyzed
8.2
HP with crafted

Yot CMS 3

2026-06-01
CVE-2018-25424
Analyzed
8.2
HP with SQL

Gate Pass Management System 2

2026-06-01
CVE-2018-25422
Analyzed
8.2
HP with crafted

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting...

2026-06-01
CVE-2018-25420
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25419
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25418
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25417
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25416
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25415
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25414
Analyzed
8.2
HP with crafted

AiOPMSD Final 1

2026-06-01
CVE-2018-25412
Analyzed
9.8
HP Sql

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability allowing unauthenticated remote code execution via POST requests to docs_upload.php.

2026-05-31
CVE-2018-25411
Analyzed
8.2
HP with crafted

MGB OpenSource Guestbook 0

2026-06-01
CVE-2018-25409
Analyzed
8.8
HP code through

SIM-PKH 2

2026-05-31
CVE-2018-25388
Analyzed
8.8
HP files through

HaPe PKH 1

2026-05-30
CVE-2018-25335
Analyzed
9.8
HP Plugin Peugeot

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability allowing unauthenticated remote code execution via the upload.php e...

2026-05-18
CVE-2018-25333
Analyzed
8.2
HP Multiple Products

Nordex N149/4

2026-05-18
CVE-2018-25325
Analyzed
7.5
HP outside the

Woocommerce CSV Importer 3

2026-05-18
CVE-2018-25319
Analyzed
7.1
HP page with

Redaxo CMS Addon MyEvents 2

2026-05-18
CVE-2018-25300
8.2
HP with malicious

XATABoost CMS 1

2026-04-30
CVE-2018-25270
Analyzed
9.8
HP code by

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute commands via malicious routing paramet...

2026-04-23
CVE-2018-25248
Analyzed
7.2
HP Downloads Plugin

MyBB Downloads Plugin 2

2026-04-05
CVE-2018-25221
Analyzed
9.8
HP endpoint that

EChat Server 3.1 contains a remote buffer overflow in the chat.ghp endpoint via the username parameter, allowing unauthenticated arbitrary code execut...

2026-03-29
CVE-2018-25209
8.2
HP with malicious

OpenBiz Cubi Lite 3

2026-03-27
CVE-2018-25203
8.2
HP with the

Online Store System CMS 1

2026-03-27
CVE-2018-25197
8.2
HP with option

PlayJoom 0

2026-03-07
CVE-2018-25196
8.2
HP with malicious

ServerZilla 1

2026-03-07
CVE-2018-25195
8.2
HP with action

Wecodex Hotel CMS 1

2026-03-27
CVE-2018-25194
8.2
HP endpoint with

Nominas 0

2026-03-07
CVE-2018-25192
8.2
HP endpoint with

GPS Tracking System 2

2026-03-07
CVE-2018-25191
7.1
HP endpoint with

Facturation System 1

2026-03-08
CVE-2018-25189
8.2
HP that allows

Data Center Audit 2

2026-03-07
CVE-2018-25182
8.2
HP with crafted

Silurus Classifieds Script 2

2026-03-07
CVE-2018-25178
7.5
HP with arbitrary

Easyndexer 1

2026-03-07
CVE-2018-25175
8.2
HP with SQL

Alienor Web Libre 2

2026-03-07
CVE-2018-25173
8.2
HP with malicious

Rmedia SMS 1

2026-03-07
CVE-2018-25172
8.2
HP endpoint with

Pedidos 1

2026-03-07
CVE-2018-25170
8.2
HP endpoint with

DoceboLMS 1

2026-03-07
CVE-2018-25167
8.2
HP that allows

Net-Billetterie 2

2026-03-07
CVE-2018-25158
8.8
HP files through

Chamilo LMS 1

2026-02-21
CVE-2017-20275
Analyzed
8.2
HP PHP-Bridge

Joomla! Component PHP-Bridge 1

2026-06-21
CVE-2017-20251
Analyzed
9.8
HP Insert PHP

The WordPress Insert PHP plugin contains a PHP code injection vulnerability allowing unauthenticated remote code execution via the REST API.

2026-06-10
CVE-2017-20216
Analyzed
9.8
HP Multiple Products

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFl...

2026-01-08
CVE-2016-20052
Analyzed
9.8
HP executables to

Snews CMS 1.7 contains an unrestricted file upload vulnerability, allowing unauthenticated attackers to upload and execute arbitrary PHP files to achi...

2026-04-05
CVE-2016-10033
KEV Analyzed
9.5
HP PHPMailer

PHPMailer Command Injection Vulnerability - Recently added to CISA KEV.

2025-07-07
CVE-2015-20121
8.2
HP and the

Next Click Ventures RealtyScript 4

2026-03-17
CVE-2015-20118
7.2
HP endpoint with

Next Click Ventures RealtyScript 4

2026-03-17
CVE-2015-20115
7.2
HP when accessed

Next Click Ventures RealtyScript 4

2026-03-17
CVE-2014-125127
Analyzed
7.5
HP Multiple Products

The mikecao/flight PHP framework in versions prior to v1

2025-09-03
CVE-2012-10020
Analyzed
9.8
HP Multiple Products

The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions u...

2025-07-24
CVE-2011-10018
Analyzed
9.8
HP Multiple Products

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitra...

2025-08-14