PHP Remote File Inclusion in Nika WordPress theme by thembay.
GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.
Xmind fails to display adequate security warnings when users open file attachments, enabling remote code execution with the privileges of the current user. An attacker can exploit this by tricking users into opening malicious files or visiting crafted pages, with the unsafe action proceeding without proper user notification. No patch is currently available.
Remote code execution in GIMP through heap buffer overflow during ICNS file parsing allows attackers to execute arbitrary code when a user opens a malicious image file. The vulnerability stems from insufficient validation of user-supplied data lengths before copying to heap memory, requiring only user interaction to trigger. A patch is available for affected installations.
Remote code execution in Sante DICOM Viewer Pro via buffer overflow when parsing malicious DCM files allows attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient validation of user-supplied data length before copying to a buffer, requiring user interaction such as opening a malicious file or visiting a compromised page. No patch is currently available for this high-severity flaw.
OpenClaw versions prior to 2026.2.15 fail to sanitize workspace directory paths before injecting them into LLM prompts, allowing local attackers with execution privileges to inject malicious instructions through control characters and Unicode markers in directory names. An attacker can exploit this prompt injection vulnerability to manipulate the AI assistant's behavior and execute unintended commands. A patch is available in version 2026.2.15 and later.
Local privilege escalation in TensorFlow's HDF5 plugin-loading mechanism lets a low-privileged user run arbitrary code as a higher-privileged target user. The flaw stems from TensorFlow loading plugins from an unsecured, attacker-writable search-path location (CWE-427), so an attacker who can already execute low-privileged code plants a malicious plugin that is later loaded in the victim's context. There is no public exploit identified at time of analysis, EPSS risk is very low (0.02%), and it is not listed in CISA KEV, but the issue is credibly reported by Trend Micro ZDI (ZDI-26-116) and patched by upstream and Red Hat.
Arbitrary code execution with administrative privileges in RICOH Job Log Aggregation Tool versions before 1.3.7 due to insecure DLL search path handling. Local attackers with user interaction can execute malicious code by placing a crafted DLL in the installer's search path. No patch is currently available.
Arbitrary code execution in ADB Explorer version 0.9.26020 and earlier on Windows allows local attackers to execute malicious binaries by manipulating the ManualAdbPath configuration setting without integrity validation. An attacker can exploit this through social engineering by distributing a crafted settings file that redirects the application to a malicious executable, gaining code execution with user privileges. The vulnerability requires user interaction to launch the application with a malicious configuration directory.
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 7.7 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7. [CVSS 7.7 HIGH]
Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0. [CVSS 7.6 HIGH]
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2. [CVSS 7.6 HIGH]
Authentication bypass leading to administrator-level remote code execution affects MLflow installations that use the built-in basic authentication, which ships a basic_auth.ini file containing hard-coded default credentials. Remote unauthenticated attackers who know these well-known defaults can log in as the administrator and execute arbitrary code in that context. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the EPSS score of 1.39% (80th percentile) reflects above-average exploitation interest for a Trend Micro ZDI-disclosed flaw with an available vendor patch.
Jetpack CRM versions 6.7.0 and earlier contain a local file inclusion vulnerability in their PHP code that allows attackers to manipulate file inclusion statements and access arbitrary files on the server. An unauthenticated attacker can exploit this through a user interaction to read sensitive files or potentially execute arbitrary code with high impact. No patch is currently available for this vulnerability.
whatwouldjessedo Simple Retail Menus simple-retail-menus is affected by php remote file inclusion (CVSS 7.5).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. [CVSS 7.5 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack - Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack - Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1. [CVSS 7.5 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1. [CVSS 7.5 HIGH]
WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by php remote file inclusion (CVSS 6.3).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 7.5 HIGH]
WP FullCalendar plugin version 1.6 and earlier for WordPress contains an authorization bypass vulnerability that allows unauthenticated attackers to modify calendar data and disrupt service availability. The weak access control implementation enables remote exploitation without requiring user interaction or special network conditions. Organizations running affected versions should upgrade immediately as no patch is currently available.
mdalabar WooODT Lite byconsole-woo-order-delivery-time is affected by authentication bypass by spoofing (CVSS 7.5).
themeplugs Authorsy authorsy is affected by authorization bypass through user-controlled key (CVSS 7.5).
WP Job Portal versions 2.4.4 and earlier contain an authorization bypass flaw that allows unauthenticated attackers to access sensitive information by exploiting improperly configured access controls. An attacker can remotely exploit this vulnerability without user interaction to gain unauthorized visibility into restricted data. No patch is currently available for this vulnerability.
modeltheme ModelTheme Framework modeltheme-framework is affected by missing authorization (CVSS 7.5).
Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4. [CVSS 7.5 HIGH]
XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite is affected by missing authorization (CVSS 7.5).
Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. [CVSS 7.5 HIGH]
Shiprocket Shiprocket shiprocket is affected by authorization bypass through user-controlled key (CVSS 7.4).
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through <= 026.02.10.20. [CVSS 7.5 HIGH]
Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4. [CVSS 7.5 HIGH]
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. [CVSS 7.5 HIGH]
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. [CVSS 7.5 HIGH]
Wi-Fi routers lacking management frame protection are susceptible to forged deauthentication and disassociation attacks, enabling unauthenticated remote attackers to disconnect legitimate users and disrupt network availability. This vulnerability allows attackers to broadcast spoofed wireless management frames without credentials, creating denial-of-service conditions affecting all connected devices. No patch is currently available for this high-severity issue.
Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends is affected by authorization bypass through user-controlled key (CVSS 5.4).
HTTP Basic Authentication over unencrypted connections in the device's embedded web interface allows attackers on the same network to passively intercept and capture user credentials. This cleartext transmission of authentication data exposes administrative access to network-based eavesdropping attacks. The lack of HTTPS/TLS support creates a significant credential compromise risk for affected devices with no available patch.
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.
soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce is affected by missing authorization (CVSS 6.3).
PDF-XChange Editor's TrackerUpdate process loads libraries from an unsecured location, enabling local attackers with low-privileged code execution to escalate privileges and run arbitrary code with elevated permissions. This high-severity vulnerability (CVSS 7.3) affects systems where an attacker has already gained initial code execution access. No patch is currently available.
XforWooCommerce Product Filter for WooCommerce prdctfltr contains a security vulnerability (CVSS 7.3).
Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8. [CVSS 7.2 HIGH]
vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor is affected by missing authorization (CVSS 7.1).
PixelYourSite plugin versions up to 11.2.0.1 contain a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages without authentication. An attacker can exploit this to execute arbitrary JavaScript in the browsers of site visitors, potentially stealing session data or performing unauthorized actions on behalf of users. No patch is currently available for this vulnerability.
Reflected cross-site scripting in fox-themes Whizz Plugins version 1.9 and earlier allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by victims, potentially leading to session hijacking, credential theft, or malware distribution. The vulnerability requires user interaction to trigger and can affect all visitors to a compromised site due to its cross-site impact. No patch is currently available.
DOM-based cross-site scripting in ThemeGoods PhotoMe through version 5.7.1 enables attackers to inject malicious scripts that execute in users' browsers without authentication. An attacker can exploit this vulnerability to steal sensitive data, hijack user sessions, or perform unauthorized actions on behalf of affected users. No patch is currently available, and exploitation requires user interaction to trigger the payload.
Reflected XSS in fox-themes Reflector plugin versions up to 1.2.2 enables attackers to inject malicious scripts into web pages viewed by victims, potentially allowing theft of session cookies, credentials, or sensitive data through user interaction. The vulnerability requires no authentication and can spread across security boundaries, affecting all users who click malicious links. No patch is currently available.