CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Château versions up to 1.2.1 are vulnerable to unauthenticated PHP object injection.
Zoya versions up to 1.4 contain a vulnerability to unauthenticated PHP object injection, which may lead to unauthorized access to the system.
There is an unauthenticated PHP Object Injection vulnerability in Manufaktur Solutions versions <= 1.1.1.
There is a vulnerability in Eldon versions up to 1.4.1 that allows unauthenticated PHP object injection.
There is an unauthenticated PHP Object Injection vulnerability in ShiftUp versions up to 1.3.
Versions of Royal Elementor Addons Pro below 1.7.1041 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is an unauthenticated local file inclusion vulnerability in Atomlab versions <= 2.4.5.
There is an unauthenticated PHP Object Injection vulnerability in SingleMalt <= 1.5 versions.
Hiroshi versions up to 1.5.1 are vulnerable to unauthenticated PHP object injection.
Uppercase versions below 1.2.2 are vulnerable to unauthenticated local file inclusion.
There is an unauthenticated PHP Object Injection vulnerability in Konsept <= 1.9 versions.
There is an unauthenticated local file inclusion vulnerability in Solene Core versions <= 2.3.2.
In Alukas versions below 3.0.0, there is an unauthenticated PHP Object Injection vulnerability.
There is an unauthenticated PHP Object Injection vulnerability in PressMart versions <= 1.2.26.
In the Bluetooth Classic Hands-Free Profile (HFP) implementation in Zephyr OS, an out-of-bounds write vulnerability was found. During processing of AT+CIND: response from an Audio Gateway (AG) device, the cind_handle_values() function writes data to the ind_table[] array without verifying that the index does not exceed its size (20 elements). A remote, malicious or compromised Bluetooth peer can send a response with more than 20 entries, causing a write beyond the array and memory corruption.
The EMV JobBank has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.
There is an unauthenticated local file inclusion vulnerability in Line Agency versions <= 1.3.1.
Versions of Etude up to 1.6 are vulnerable to unauthenticated local file inclusion. An attacker can exploit this vulnerability to gain access to system files.
There is an unauthenticated local file inclusion vulnerability in Eventicity versions <= 1.5.
Gunslinger versions up to 1.7 are vulnerable to unauthenticated local file inclusion.

