92952 matches found
CVE-2026-22494 WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through = 1.3.13...
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...
CVE-2026-4815
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...
CVE-2026-4816
CVE-2026-4816: A Reflected Cross Site Scripting (XSS) vulnerability exists in Support Board v3.7.7. An attacker can craft a malicious URL that injects JavaScript via the search parameter in /supportboard/include/articles.php, causing code execution in the victim’s browser and potentially exfiltra...
CVE-2026-4784
A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit...
PT-2026-27924
Name of the Vulnerable Software and Affected Versions Woody ad snippets versions through 2.7.1 Description A code injection issue exists in Themeisle Woody ad snippets insert-php. The issue involves improper control of code generation, potentially allowing for code injection. The vulnerable...
WordPress plugin MultiOffice 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-27958
Name of the Vulnerable Software and Affected Versions TieLabs Jannah versions through 7.6.3 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local PHP files...
PT-2026-27818
Name of the Vulnerable Software and Affected Versions AncoraThemes Greenville versions through 1.3.2 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program AncoraThemes Greenville, leading to a PHP Local File Inclusion issue. This allows f...
PT-2026-28014
Name of the Vulnerable Software and Affected Versions CreativeWS MetaMax versions through 1.1.4 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program, specifically in CreativeWS MetaMax. This allows for PHP Local File Inclusion. The issue...
PT-2026-28045
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through 1.4.5...
PT-2026-28018
Name of the Vulnerable Software and Affected Versions CreativeWS VintWood versions n/a through 1.1.8 Description The software contains a flaw due to improper control of filename handling for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The affected...
PT-2026-27976
Name of the Vulnerable Software and Affected Versions Mikado-Themes MultiOffice versions n/a through 1.2 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes MultiOffice...
WordPress plugin MetaMax 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Support Board SQL注入漏洞
Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter calls0messageids in the file /supportboard/include/ajax.php, which may...
PT-2026-27825
Name of the Vulnerable Software and Affected Versions ProLingua versions n/a through 1.1.12 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. The vulnerable component allows an attacker to includ...
PT-2026-28019
Name of the Vulnerable Software and Affected Versions CreativeWS Kiddy versions through 2.0.8 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...
CraftCMS generate-transform command injection
Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...
PT-2026-33338
Name of the Vulnerable Software and Affected Versions Protobuf PHP versions prior to 5.34.0-RC1 Protobuf PHP versions prior to 4.33.6 Description A Denial of Service DoS issue exists during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative...
PT-2026-27833
Name of the Vulnerable Software and Affected Versions Elated-Themes Roisin versions through 1.2.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local Fil...