|
3801
|
8.1 |
HIGH
Network
|
-
|
-
|
Control inadecuado del nombre de fichero para la declaración include/require en un programa PHP ('inclusión remota de ficheros PHP') vulnerabilidad en Mikado-Themes Curly Core curly-core permite la i…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27047
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3802
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.Thi…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27048
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3803
|
8.1 |
HIGH
Network
|
-
|
-
|
La vulnerabilidad de control inadecuado del nombre de fichero para la declaración Include/Require en el programa PHP ('Inclusión remota de ficheros PHP') en Elated-Themes The Aisle Core theaisle-core…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-27048
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3804
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-27049
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3805
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo en NooTheme Jobica Core jobica-core permite el abuso de autenticación. Este problema afecta a Jobica Core: desde n/a h…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-27049
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3806
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-27051
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3807
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de Asignación Incorrecta de Privilegios en uxper Golo golo permite la escalada de privilegios. Este problema afecta a Golo: desde n/d hasta <= 1.7.0.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-27051
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3808
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27054
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3809
|
7.1 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') en PenciDesign Penci Soledad Data Migrator penci-data-migrator permite XSS Refl…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27054
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3810
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7.
|
CWE-862
Missing Authorization
|
CVE-2026-27071
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
