Total
2313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5499 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5498 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 6.5 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-68038 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through <= 5.9.11. | |||||
| CVE-2025-67911 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through <= 4.11. | |||||
| CVE-2025-67535 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6. | |||||
| CVE-2025-66073 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8. | |||||
| CVE-2025-66055 | 2026-01-20 | N/A | 7.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | |||||
| CVE-2025-64353 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3. | |||||
| CVE-2025-64266 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.4. | |||||
| CVE-2025-64233 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8. | |||||
| CVE-2025-64227 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. | |||||
| CVE-2025-64206 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0. | |||||
| CVE-2025-62035 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | |||||
| CVE-2025-62025 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8. | |||||
| CVE-2025-62008 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | |||||
| CVE-2025-60245 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | |||||
| CVE-2025-60238 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34. | |||||
| CVE-2025-60234 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8. | |||||
| CVE-2025-60232 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5. | |||||
| CVE-2025-60228 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9. | |||||