|
3121
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through <= 14.0.31.
|
CWE-22
Path Traversal
|
CVE-2026-27040
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3122
|
8.8 |
HIGH
Network
|
-
|
-
|
Limitación Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') vulnerabilidad en AA-Team WZone woozone permite el Salto de Ruta. Este problema afecta a WZone: desde n/a hast…
|
CWE-22
Path Traversal
|
CVE-2026-27040
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3123
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through …
|
CWE-94
Code Injection
|
CVE-2026-27044
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3124
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de control inadecuado de la generación de código ('Inyección de código') en TotalSuite Total Poll Lite totalpoll-lite permite la inclusión remota de código. Este problema afecta a Tota…
|
CWE-94
Code Injection
|
CVE-2026-27044
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3125
|
8.8 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-27045
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3126
|
8.8 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de deserialización de datos no confiables en sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll permite la inyección de objetos. Este problema afecta a WooCommerce Inf…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-27045
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3127
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through…
|
CWE-862
Missing Authorization
|
CVE-2026-27046
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3128
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Vulnerabilidad de Autorización Faltante en Kaira StoreCustomizer woocustomizer permite Explotar Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta a StoreCus…
|
CWE-862
Missing Authorization
|
CVE-2026-27046
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3129
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27047
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3130
|
8.1 |
HIGH
Network
|
-
|
-
|
Control inadecuado del nombre de fichero para la declaración include/require en un programa PHP ('inclusión remota de ficheros PHP') vulnerabilidad en Mikado-Themes Curly Core curly-core permite la i…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27047
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
