CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2026/04/10 7:23 p.m.•3 views

CVE-2026-39613

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

7.5CVSS5.8AI score0.00147EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39613

CVE-2026-39613 concerns a Local File Inclusion in the WordPress Boutique theme by Kutethemes (kute-boutique). All connected sources consistently describe an improper control of the filename used by PHP include/require, enabling LFI. Affected software: Boutique theme versions up to and including 2...

7.5CVSS5.9AI score0.00147EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39613 WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

5.8AI score0.00147EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•17 views

CVE-2026-39613 WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

7.5CVSS0.00147EPSS

Exploits0References1

CVE•added 2026/03/25 4:14 p.m.•3 views

CVE-2026-25342

Summary: CVE-2026-25342 is a Reflected Cross-Site Scripting (XSS) vulnerability in kutethemes’ Boutique (kute-boutique) WordPress theme, affecting versions prior to 2.4.6. Root cause: improper neutralization of input during web page generation. Impact (as described): XSS could allow malicious scr...

7.1CVSS5.8AI score0.00045EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:14 p.m.•25 views

CVE-2026-25342 WordPress Boutique theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through 2.4.6...

7.1CVSS0.00045EPSS

Exploits0References1