CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
CVE-2023-24215
CVE-2023-24215 concerns the NOVUS AirGate 4G firmware v1.1.16, where an incorrect access control on the /uci/get/ endpoint allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. The CVSS3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base score ...
EUVD-2025-204240
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion. This issue affects Kings & Queens: from n/a through <= 1.1.16...
CVE-2025-49363
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion. This issue affects Kings & Queens: from n/a through <= 1.1.16...
CVE-2025-49363 WordPress Kings & Queens theme <= 1.1.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion. This issue affects Kings & Queens: from n/a through <= 1.1.16...
CVE-2025-49363
CVE-2025-49363 concerns the WordPress Kings & Queens theme (versions up to 1.1.16). The issue is an improper control of filenames for include/require statements, enabling PHP Local File Inclusion (LFI) and related PHP Remote File Inclusion risks as described in multiple sources. The vulnerability...
PT-2025-52006
Name of the Vulnerable Software and Affected Versions: AncoraThemes Kings & Queens versions through 1.1.16 Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...
EUVD-2024-0724
Malicious code in bioql PyPI...
WordPress Translang Theme <= 1.1.16 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Translang versions <= 1.1.16...
WordPress PathWell Theme <= 1.1.16 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PathWell versions <= 1.1.16...
WordPress Kings & Queens theme <= 1.1.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kings & Queens versions <= 1.1.16...
WordPress Maia Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software: Maia; Type: Theme; Vulnerable versions: <= 1.1.15; Fixed in: 1.1.16; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49258; Patch priority: High; CVSS severity: High 8.1; PSID: 17919a5d64c7; Credits: Phat RiO - BlueRock; Required privilege...
CVE-2023-51837
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation...
CVE-2023-51842
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16...
WordPress plugin BookingPress SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
WordPress BookingPress plugin <= 1.1.16 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions <= 1.1.16...
PT-2024-16356 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.16 Description: The BookingPress plugin for WordPress is vulnerable to SQL Injection via the service parameter of the bookingpress form shortcode due to insufficient escapin...
WordPress Travelpayouts Plugin <= 1.1.16 is vulnerable to Open Redirection
Software: Travelpayouts; Type: Plugin; Vulnerable versions: <= 1.1.16; Fixed in: 1.1.17; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2024-0337; Patch priority: Low; CVSS severity: Low 4.7; PSID: 22ec7383525a; Credits: Krzysztof Zając CERT PL; Required privilege...