7 matches found
CVE-2025-54017
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through = 2.15.4...
CVE-2025-54017
CVE-2025-54017 is a PHP Local File Inclusion in the WordPress plugin Paid Member Subscriptions (vulnerable up to 2.15.4). The root cause is improper control of include/require filenames, enabling local file inclusion. The vulnerability is rated high (CVSS 3.1 base 7.5) with network access, high i...
CVE-2025-54017 WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4...
PT-2025-34001 · Unknown · Cozmoslabs Paid Member Subscriptions
Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions through 2.15.4 Description: The software contains an improper control of filename for include/require statements, leading to a PHP local file inclusion issue. Recommendations: Update Cozmoslabs Pa...
Lustre Security Vulnerabilities
Lustre is a Lustre community effort to provide a globally consistent POSIX-compatible distributed parallel file system for large-scale computing systems. A security vulnerability exists in Lustre versions 2.13.x through prior to 2.15.4, which stems from a vulnerability that could allow an attacke...
PT-2024-14292 · Lustre · Lustre
Name of the Vulnerable Software and Affected Versions: Lustre versions 2.13.x through 2.15.x before 2.15.4 Lustre version 2.15.4 is not affected, so the range can be simplified to: Lustre versions 2.13.x through 2.15.3 Description: The issue allows attackers to escalate privileges and obtain...
ca.islandora.sync:islandora-sync-gateway (>=0.0.1 <=0.0.2), com.data-artisans:flakka-sample-camel-java_2.10 (=2.3-custom) +172 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-http (>=1.2.0 <=2.15.4)
org.apache.camel:camel-http MAVEN version =1.2.0, =0.0.1, =1.0, =2.3.7, =1.0, =2.3.7, =2.1.0, =2.1.0-RC4, =2.1.0-RC6 and more Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...