Total
2666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25360 | | | 2026-04-24 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through < 1.2.9. | | | | | |
| CVE-2026-25031 | | | 2026-04-24 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This issue affects Tasty Daily: from n/a through < 1.27. | | | | | |
| CVE-2026-24981 | | | 2026-04-24 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection. This issue affects Visionary Core: from n/a through <= 1.4.9. | | | | | |
| CVE-2026-22505 | | | 2026-04-24 | N/A | 8.1 HIGH |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection. This issue affects Morning Records: from n/a through <= 1.2. | | | | | |
| CVE-2026-24974 | | | 2026-04-24 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection. This issue affects CitiLights: from n/a through <= 3.7.1. | | | | | |
| CVE-2026-25524 | 1 Openmage | 1 Magento | 2026-04-23 | N/A | 8.1 HIGH |
| Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()` can trigger deserialization when processing `phar://` stream wrapper paths. OpenMage LTS uses these functions with potentially controllable file paths during image validation and media handling. An attacker who can upload a malicious phar file (disguised as an image) and trigger one of these functions with a `phar://` path can achieve arbitrary code execution. Version 20.17.0 patches the issue. | | | | | |
| CVE-2026-25449 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection. This issue affects Traveler: from n/a through < 3.2.8.1. | | | | | |
| CVE-2025-60238 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection. This issue affects UNIVERSAM: from n/a through <= 9.04.02. | | | | | |
| CVE-2025-58839 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2. | | | | | |
| CVE-2025-58815 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2. | | | | | |
| CVE-2025-58662 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support awesome-support allows Object Injection. This issue affects Awesome Support: from n/a through <= 6.3.5. | | | | | |
| CVE-2025-58644 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition ltl-freight-quotes-tql-edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through <= 1.2.6. | | | | | |
| CVE-2025-58643 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7. | | | | | |
| CVE-2025-58642 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11. | | | | | |
| CVE-2025-58218 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS Edition small-package-quotes-usps-edition allows Object Injection. This issue affects Small Package Quotes – USPS Edition: from n/a through <= 1.3.9. | | | | | |
| CVE-2025-57919 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection. This issue affects ConveyThis: from n/a through <= 269.1. | | | | | |
| CVE-2025-54742 | | | 2026-04-23 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 4.4.8. | | | | | |
| CVE-2025-54686 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2. | | | | | |
| CVE-2025-54053 | | | 2026-04-23 | N/A | 6.6 MEDIUM |
| Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through <= 4.2.2. | | | | | |
| CVE-2025-54014 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through <= 15.1. | | | | | |
