Skip to main content
CVE-2026-22395 HIGH This Week

Mikado-Themes Fiorello through version 1.0 contains a local file inclusion vulnerability in its PHP code that fails to properly validate filenames used in include/require statements, enabling attackers to read arbitrary files on the affected server. The vulnerability requires specific conditions to exploit but carries high impact, allowing unauthorized access to sensitive data and potential code execution. No security patch is currently available for this vulnerability.

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22394 HIGH This Week

Mikado-Themes Evently plugin version 1.7 and earlier contains a local file inclusion vulnerability in its PHP include/require handling that enables attackers to read arbitrary files from the server without authentication. The flaw stems from improper filename validation, allowing unauthenticated remote attackers to disclose sensitive information such as configuration files and source code. No patch is currently available for affected installations.

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22392 HIGH This Week

Mikado-Themes Cortex version 1.5 and earlier contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this vulnerability.

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22389 HIGH This Week

Mikado-Themes Cocco versions up to 1.5.1 contain a local file inclusion vulnerability in PHP file handling that enables attackers to read arbitrary files on affected systems. An unauthenticated remote attacker can exploit improper input validation in include/require statements to access sensitive data without authentication. No patch is currently available for this high-severity vulnerability (CVSS 8.1).

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22387 HIGH This Week

Mikado-Themes Aviana through version 2.1 contains a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files on the server through improper handling of include/require statements. An unauthenticated remote attacker can exploit this weakness to access sensitive files and potentially execute arbitrary code, though no patch is currently available. The vulnerability carries a CVSS score of 8.1 and affects all versions up to and including Aviana 2.1.

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-22385 HIGH This Week

PHP Local File Inclusion in Wolmart through version 1.9.6 enables unauthenticated attackers over the network to read arbitrary files on affected systems due to improper input validation in file inclusion functions. The vulnerability carries high impact potential for confidentiality and integrity, though no patch is currently available. An attacker with network access can leverage this flaw to access sensitive configuration files, source code, or other protected resources without authentication.

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69339 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through <= 1.5.16. [CVSS 8.1 HIGH]

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69090 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4. [CVSS 8.1 HIGH]

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-53335 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berger: from n/a through <= 1.1.1. [CVSS 8.1 HIGH]

PHP LFI Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-1321 HIGH This Week

Unauthenticated attackers can escalate privileges in WordPress installations using the Membership Plugin - Restrict Content (versions up to 3.2.20) by registering with arbitrary membership levels, including inactive levels or those granting administrator access, due to insufficient validation of the rcp_level parameter. This allows attackers to bypass payment requirements and gain unauthorized administrative roles without authentication. No patch is currently available for this vulnerability.

WordPress Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-3009 HIGH PATCH This Week

Keycloak's IdentityBrokerService.performLogin endpoint fails to enforce disabled Identity Provider restrictions, allowing attackers with knowledge of an IdP alias to reuse previous login requests and authenticate through administratively disabled external providers. This authentication bypass affects any Keycloak deployment relying on IdP disablement as an access control mechanism. An attacker can exploit this to gain unauthorized access by circumventing intended administrative restrictions on external authentication sources.

Authentication Bypass Build Of Keycloak Jboss Enterprise Application Platform Jboss Enterprise Application Platform Expansion Pack Single Sign On
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-28458 HIGH PATCH This Week

Openclaw versions up to 2026.2.1 is affected by missing authentication for critical function (CVSS 8.1).

Authentication Bypass Information Disclosure Openclaw
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-28472 HIGH PATCH This Week

Openclaw versions up to 2026.2.2 is affected by missing authentication for critical function (CVSS 8.1).

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-27369 HIGH This Week

BoldThemes Celeste versions 1.3.6 and earlier are vulnerable to unsafe deserialization that enables arbitrary object injection attacks over the network without authentication. An attacker can exploit this to achieve remote code execution or other malicious operations on affected systems. No patch is currently available for this vulnerability.

Deserialization
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-27098 HIGH This Week

Unsafe deserialization in the Au Pair Agency theme (versions up to 1.2.2) enables object injection attacks that could allow remote code execution on affected WordPress sites. An unauthenticated attacker can exploit this vulnerability to inject malicious objects and compromise server integrity, confidentiality, and availability. No patch is currently available.

Deserialization
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-28473 HIGH PATCH This Week

OpenClaw prior to version 2026.2.2 allows authenticated users with operator.write scope to bypass approval controls and resolve execution requests through a chat command that circumvents authorization checks. An attacker with this scope can approve or deny exec approval requests without having the required operator.approvals permission, effectively gaining unauthorized approval authority. A patch is available for affected installations.

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28410 HIGH PATCH This Week

Premature token unlock in Graph Protocol Contracts versions before 3.0.0 allows authenticated users to bypass vesting restrictions and access locked tokens before their scheduled release date. An attacker with valid credentials can manipulate the vesting contract logic to drain funds that should remain locked, resulting in unauthorized token theft. A patch is available in version 3.0.0.

Authentication Bypass Graph Protocol Contracts
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-26417 HIGH This Week

Cognix Platform's password reset function fails to properly validate user permissions, enabling authenticated attackers to reset passwords for any user account through specially crafted requests. This broken access control vulnerability affects Cognix Recon Client v3.0 and carries high severity due to the potential for unauthorized account takeovers. No patch is currently available.

Authentication Bypass Cognix Platform
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28447 HIGH PATCH This Week

OpenClaw 2026.1.29-beta.1 through 2026.2.0 is vulnerable to path traversal during plugin installation, enabling attackers to write arbitrary files outside the intended extensions directory by crafting malicious package names with traversal sequences. An unauthenticated attacker can exploit this when users execute the plugin install command, potentially achieving arbitrary file write capabilities on the affected system. A patch is available in version 2026.2.1.

Path Traversal Openclaw
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-2836 HIGH PATCH This Week

Pingora's default HTTP cache key implementation excludes the host header when generating cache keys, allowing attackers to poison the cache and serve cross-origin responses to victims. This affects deployments using the default CacheKey implementation in multi-tenant environments, where an attacker could cause users from one tenant to receive cached responses belonging to another tenant. No patch is currently available for this high-severity vulnerability.

Authentication Bypass Pingora Cloudflare
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28405 HIGH PATCH This Week

MarkUs prior to version 2.9.1 fails to sanitize user-submitted file contents in the HTML rendering endpoint, allowing authenticated users with UI interaction to inject malicious scripts that execute in other users' browsers. An attacker can exploit this reflected cross-site scripting vulnerability to steal session tokens, modify grades, or perform actions on behalf of affected students and instructors. The vulnerability has been patched in version 2.9.1.

XSS Markus
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-27749 HIGH This Week

Arbitrary code execution as SYSTEM in Avira Internet Security's System Speedup component occurs when the privileged RealTimeOptimizer.exe process deserializes untrusted .NET binary data from a world-writable ProgramData location without validation. A local attacker can craft a malicious serialized payload to achieve immediate privilege escalation and full system compromise. No patch is currently available for this high-severity vulnerability.

Deserialization RCE Internet Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27748 HIGH This Week

Avira Internet Security's Software Updater fails to validate symbolic links when deleting files during updates, allowing a local attacker to redirect SYSTEM-level file deletion operations to arbitrary targets. An authenticated local user can exploit this improper link resolution to delete critical system files, potentially achieving privilege escalation, denial of service, or compromising system integrity. No patch is currently available.

Denial Of Service Privilege Escalation Internet Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26034 HIGH This Week

Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) is affected by incorrect default permissions (CVSS 7.8).

Privilege Escalation RCE Ups Multi Ups Management Console
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-27750 HIGH This Week

Internet Security contains a vulnerability that allows attackers to deletion of protected files or directories and can lead to local privilege escal (CVSS 7.8).

Denial Of Service Privilege Escalation Internet Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28393 HIGH PATCH This Week

Arbitrary JavaScript execution in OpenClaw versions prior to 2026.2.14 results from improper path validation in the hook transform module loader, allowing attackers with configuration write access to load malicious modules with gateway process privileges. The vulnerability affects the hooks.mappings[].transform.module parameter, which fails to restrict absolute paths and directory traversal sequences. A patch is available.

Path Traversal Openclaw
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-28468 HIGH PATCH This Week

Openclaw versions up to 2026.2.14 is affected by missing authentication for critical function (CVSS 7.7).

Authentication Bypass Openclaw
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-29053 HIGH PATCH This Week

Arbitrary code execution in Ghost CMS versions 0.7.2 through 6.19.0 allows authenticated attackers with theme upload privileges to execute malicious code on the server by crafting specially designed theme files. The vulnerability affects Ghost installations running on Node.js and requires high privileges to exploit, though successful attacks compromise complete server integrity with confidentiality, integrity, and availability impact. No patch is currently available for affected versions.

Node.js Ghost
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-29609 HIGH PATCH This Week

Openclaw versions up to 2026.2.14 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-28039 HIGH This Week

Local file inclusion in wpDataTables plugin for WordPress (versions up to 6.5.0.1) enables authenticated attackers to read arbitrary files from the web server filesystem with high complexity conditions. An attacker with low-privilege access can include PHP files or extract sensitive configuration data (database credentials, API keys) from readable server files. EPSS score of 0.13% (32nd percentile) indicates low observed exploitation probability, with no CISA KEV listing or public POC identified at time of analysis. Patchstack researchers disclosed this as a PHP local file inclusion weakness (CWE-98) exploitable over the network.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28478 HIGH PATCH This Week

OpenClaw versions up to 2026.2.13 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69534 HIGH PATCH This Week

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. [CVSS 7.5 HIGH]

Python Denial Of Service Information Disclosure Markdown
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26418 HIGH This Week

Cognix Platform's web API lacks authentication and authorization controls, enabling unauthenticated remote attackers to access restricted application functionality over the network. This vulnerability affects Tata Consultancy Services Cognix Recon Client v3.0 and poses a high risk due to its ease of exploitation and lack of authentication requirements. No patch is currently available.

Authentication Bypass Cognix Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28453 HIGH PATCH This Week

OpenClaw before version 2026.2.14 fails to properly validate file paths when extracting TAR archives, enabling attackers to use path traversal sequences to write files outside the intended extraction directory. An unauthenticated remote attacker can exploit this to overwrite configuration files or inject malicious code into the system. A patch is available for affected versions.

Path Traversal Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28462 HIGH PATCH This Week

OpenClaw versions before 2026.2.13 suffer from a path traversal vulnerability in the browser control API that allows authenticated attackers to write arbitrary files outside designated temporary directories via the trace and download endpoints. An attacker with API access can exploit this to place malicious files in unintended locations on the system. A patch is available to address this high-severity flaw.

Path Traversal Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1605 HIGH PATCH This Week

Eclipse Jetty 12.0.0 through 12.0.31 and 12.1.0 through 12.1.5 suffer from a denial-of-service vulnerability in GzipHandler where decompressor resources leak when processing gzip-compressed requests that generate uncompressed responses. An unauthenticated remote attacker can exhaust server memory by repeatedly sending compressed requests, causing service degradation or unavailability. No patch is currently available.

Jetty Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27388 HIGH This Week

designthemes DesignThemes Booking Manager designthemes-booking-manager is affected by missing authorization (CVSS 7.5).

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24385 HIGH This Week

gerritvanaaken Podlove Web Player podlove-web-player is affected by deserialization of untrusted data (CVSS 7.5).

Deserialization
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28076 HIGH This Week

Unauthorized data disclosure in Frenify Guff WordPress theme versions through 1.0.1 allows unauthenticated remote attackers to access sensitive information via missing authorization controls. The vulnerability exploits incorrectly configured access control security levels, enabling attackers to bypass authentication mechanisms and read confidential data. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability in the wild, with no CISA KEV listing or public exploit code identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27386 HIGH This Week

designthemes DesignThemes Directory Addon designthemes-directory-addon is affected by missing authorization (CVSS 7.5).

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27374 HIGH This Week

vanquish WooCommerce Order Details woocommerce-order-details is affected by missing authorization (CVSS 7.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27361 HIGH This Week

WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro is affected by missing authorization (CVSS 7.5).

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22479 HIGH This Week

Improper access control in Ruby's ThemeRuby Easy Post Submission plugin through version 2.2.0 allows unauthenticated remote attackers to bypass authorization checks and gain unauthorized read access to sensitive data. The vulnerability stems from misconfigured security levels that fail to properly enforce access restrictions on protected functionality. No patch is currently available for affected installations.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69340 HIGH This Week

BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon is affected by missing authorization (CVSS 7.5).

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27406 HIGH This Week

My Tickets plugin version 2.1.0 and earlier inadvertently exposes sensitive data in outbound communications due to improper data handling. An unauthenticated remote attacker can intercept and retrieve embedded sensitive information from sent data without user interaction. No patch is currently available for this high-severity vulnerability.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27370 HIGH This Week

Premio Chaty versions up to 3.5.1 expose sensitive data through improper handling of embedded information in outbound communications, allowing unauthenticated remote attackers to retrieve confidential data without user interaction. The vulnerability carries a high severity rating (CVSS 7.5) and currently has no available patch.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28392 HIGH PATCH This Week

OpenClaw versions before 2026.2.14 allow unauthenticated attackers to execute privileged slash commands via direct message when the dmPolicy setting is configured to open, bypassing security controls like allowlists and access groups. This privilege escalation stems from improper authorization checks in the Slack slash-command handler that fails to validate direct message senders. A patch is available for affected users.

Privilege Escalation Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29611 HIGH PATCH This Week

Openclaw versions up to 2026.2.14 contains a vulnerability that allows attackers to read arbitrary files from the local filesystem (CVSS 7.5).

LFI Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70949 HIGH This Week

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. [CVSS 7.5 HIGH]

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28469 HIGH PATCH This Week

Openclaw versions up to 2026.2.14 is affected by authorization bypass through user-controlled key (CVSS 7.5).

Industrial Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy