Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2026-24977 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile
CVE-2026-24976 — Deserialization: of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-24974 — Deserialization: of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-24971 — Incorrect: Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-24968 — Incorrect: Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-24378 — Deserialization: of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-24373 — Incorrect: Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects Re
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2026-24359 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4. CVSSv3.1 8.8 (HIGH) · EPSS 18th percentile
CVE-2026-23971 — Deserialization: of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2026-22516 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22515 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22514 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22513 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through <= 1.1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22512 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22511 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through <= 1.2. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22510 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2026-22509 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through <= 1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22508 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22507 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-22506 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22505 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2026-22504 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22503 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22502 — Control: Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through <= 1.1.9. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-22500 — Deserialization: of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce
Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile