|
3131
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.Thi…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27048
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3132
|
8.1 |
HIGH
Network
|
-
|
-
|
La vulnerabilidad de control inadecuado del nombre de fichero para la declaración Include/Require en el programa PHP ('Inclusión remota de ficheros PHP') en Elated-Themes The Aisle Core theaisle-core…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27048
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3133
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-27049
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3134
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo en NooTheme Jobica Core jobica-core permite el abuso de autenticación. Este problema afecta a Jobica Core: desde n/a h…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-27049
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3135
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-27051
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3136
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de Asignación Incorrecta de Privilegios en uxper Golo golo permite la escalada de privilegios. Este problema afecta a Golo: desde n/d hasta <= 1.7.0.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-27051
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3137
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27054
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3138
|
7.1 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') en PenciDesign Penci Soledad Data Migrator penci-data-migrator permite XSS Refl…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27054
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3139
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7.
|
CWE-862
Missing Authorization
|
CVE-2026-27071
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3140
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de autorización faltante en Arraytics WPCafe wp-cafe permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WPCafe: de…
|
CWE-862
Missing Authorization
|
CVE-2026-27071
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
