Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.