396 matches found
WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gita versions <= 1.11...
Drupal cross-site scripting vulnerability
Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions of Drupal 7.x-1.11 and earlier, including 7.x-1.x, have a cross-site scripting vulnerability. This vulnerability stems from the rendering pipeline of the Term Reference Tree...
PT-2026-36544
Name of the Vulnerable Software and Affected Versions: bandit versions 0.3.6 through 1.10.x. Description: An issue in the deserialize/2 function within Elixir.Bandit.HTTP2.Frame allows unauthenticated memory exhaustion through oversized HTTP/2 frames. The system checks the SETTINGS_MAX_FRAME_SIZE...
Security Bulletin: Operator for IBM DataPower Gateway vulnerable to Denial of Service
Summary: This vulnerability can allow an invalid DNS response to cause an operator crash. Vulnerability Details: CVEID: CVE-2026-25518. DESCRIPTION: cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and...
EUVD-2026-9682
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma (chroma) allows PHP Local File Inclusion. This issue affects Chroma: from n/a through <= 1.11...
EUVD-2026-9681
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir (manoir) allows PHP Local File Inclusion. This issue affects Manoir: from n/a through <= 1.11...
CVE-2026-28019
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir (manoir) allows PHP Local File Inclusion. This issue affects Manoir: from n/a through <= 1.11...
PT-2026-23301
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir (manoir) allows PHP Local File Inclusion. This issue affects Manoir: from n/a through <= 1.11...
PT-2026-23302
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma (chroma) allows PHP Local File Inclusion. This issue affects Chroma: from n/a through <= 1.11...
WordPress Chroma theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Chroma versions <= 1.11...
acryl-datahub (>=0.8.24.2 <=0.11.0rc1), acryl-datahub-actions (>=0.0.1 <=0.0.8) +37 more potentially affected by CVE-2025-33042 via avro (>=1.10.0 <=1.11.3)
avro PYPI version =1.10.0, =0.8.24.2, =0.0.1, =0.9.2.2, =0.0.1, =1.0.0b4, =0.9.15, =0.0.2, =0.2.78, =0.15.8, =0.9.8, =0.1.0, =0.1.0, =0.3.0, =0.6.0 and more Source cves: CVE-2025-33042 Source advisory: OSV:PYSEC-2026-26...
CVE-2019-25298
CVE-2019-25298 affects html5_snmp 1.11 and involves multiple SQL injection vulnerabilities that enable manipulation of database queries via the Router_ID and Router_IP parameters. The underlying threat is classic SQL injection through error-based, time-based, and union-based techniques, potential...
AhadPOS SQL injection vulnerability
AhadPOS is a web-based point-of-sale software developed by RIMbalinux’s individual developers. Version 1.11 of AhadPOS contains an SQL injection vulnerability, which stems from the alamatCustomer parameter being susceptible to SQL injections. This vulnerability could allow attackers to extract...
CVE-2025-23530
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown (custom-post-type-lockdown) allows Privilege Escalation. This issue affects Custom Post Type Lockdown: from n/a through <= 1.11...
CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...
CVE-2025-53449
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex (convex) allows PHP Local File Inclusion. This issue affects Convex: from n/a through <= 1.11...
CVE-2025-53449
CVE-2025-53449 concerns the WordPress Convex theme (versions through 1.11) with a Local File Inclusion (LFI) caused by improper control of filenames for include/require statements. The Red Hat and EUVD/NVD records corroborate the same description and reference Convex 1.11 or older. Affected softw...
PT-2025-52043
Name of the Vulnerable Software and Affected Versions: axiomthemes Convex versions through 1.11. Description: A flaw exists in axiomthemes Convex related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized access...
CVE-2025-11853
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...
VulnCheck KEV: CVE-2025-22905
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp...