|
3511
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion.
This issue affects Con…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-53440
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3512
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion.
This issue affec…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-58024
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3513
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion.
This issue affects Crafti…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-58705
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3514
|
8.1 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection.
This issue affects Aperitif: from n/a through 1.6.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39550
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3515
|
8.1 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection.
This issue affects Töbel: from n/a through 1.8.1.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39551
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3516
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects EventPrime: from n/a through 4.3.2.0.
|
CWE-862
Missing Authorization
|
CVE-2026-42669
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3517
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection.
This issue affects WP Job Portal: from n/a throu…
|
CWE-89
SQL Injection
|
CVE-2026-42684
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3518
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS.
This issue affects WP Job Portal: from n/a through 2.5…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42685
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3519
|
6.5 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
|
CWE-863
Incorrect Authorization
|
CVE-2026-49376
|
2026-06-2 21:39 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3520
|
4.3 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
|
CWE-526
Cleartext Storage of Sensitive Information in an Environment Variable
|
CVE-2026-49377
|
2026-06-2 21:38 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
