CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
There is an unauthenticated local file inclusion vulnerability in Ingenioso versions <= 1.14.0.
Iona versions up to 1.0.8 are vulnerable to unauthenticated local file inclusion.
There is an unauthenticated local file inclusion vulnerability in MaxiNet versions <= 1.2.10.
There is an unauthenticated local file inclusion vulnerability in Nexio versions <= 1.10.0.
There is an unauthenticated local file inclusion vulnerability in Planty versions <= 1.14.0.
There is an unauthenticated local file inclusion vulnerability in AirSupply versions <= 2.0.0.
There is an unauthenticated local file inclusion vulnerability in Raider Spirit <= 1.1.2 versions.
There is an unauthenticated local file inclusion vulnerability in Rosaleen versions <= 2.8.
Versions of Modernee <= 1.6.0 are vulnerable to unauthenticated local file inclusion.
Versions of Qreatix <= 1.9.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts in the context of the victim's browser.
In Brikk versions up to 3.0.0, there is a vulnerability that allows subscribers to delete arbitrary content.
In WPBot Pro, versions up to 13.6.5, there is a vulnerability allowing subscribers to delete arbitrary files.
There is a vulnerability in Learnify versions up to 1.15.0 that allows unauthenticated local file inclusion.
Versions of Sonaar up to 4.27.4 contain a vulnerability that allows subscriber privilege escalation.
Versions of Sonaar <= 4.27.4 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is an unauthenticated local file inclusion vulnerability in HomeRoofer versions <= 2.11.0.
There is an unauthenticated local file inclusion vulnerability in Joly versions up to 1.22.0.
Neuronet versions below 1.14.0 contain a vulnerability for unauthenticated local file inclusion.
Versions of Geya <= 1.15 are vulnerable to unauthenticated local file inclusion, which may lead to the disclosure of sensitive information.
WordPress versions up to 3.0.2 have a vulnerability that allows unauthenticated arbitrary file download in the Premium Age Verification / Restriction plugin.

