|
1361
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes i…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-1555
|
2026-04-15 13:17 |
2026-04-15 |
|
1362
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-1541
|
2026-04-15 13:17 |
2026-04-15 |
|
1363
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` …
|
CWE-94
Code Injection
|
CVE-2026-1509
|
2026-04-15 13:17 |
2026-04-15 |
|
1364
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_…
|
CWE-862
Missing Authorization
|
CVE-2026-1314
|
2026-04-15 13:17 |
2026-04-15 |
|
1365
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1…
|
CWE-22
Path Traversal
|
CVE-2025-15470
|
2026-04-15 13:17 |
2026-04-15 |
|
1366
|
5.4 |
MEDIUM
Network
|
docmost
|
docmost
|
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-24045
|
2026-04-15 07:16 |
2026-02-11 |
|
1367
|
5.4 |
MEDIUM
Network
|
docmost
|
docmost
|
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly escape the titles …
|
CWE-79
Cross-site Scripting
|
CVE-2026-24045
|
2026-04-15 07:16 |
2026-02-11 |
|
1368
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragm…
|
CWE-416
Use After Free
|
CVE-2025-7425
|
2026-04-15 07:16 |
2025-07-10 |
|
1369
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libxslt where the attributes type, atype and flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, generate fr…
|
CWE-416
Use After Free
|
CVE-2025-7425
|
2026-04-15 07:16 |
2025-07-10 |
|
1370
|
7.5 |
HIGH
Network
|
xmlsoft redhat
|
libxslt openshift_container_platform enterprise_linux
|
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allow…
|
CWE-843
Type Confusion
|
CVE-2025-7424
|
2026-04-15 07:16 |
2025-07-10 |