13 matches found
CVE-2026-28066 WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion. This issue affects Legrand: from n/a through <= 2.17...
CVE-2025-53448
CVE-2025-53448 concerns the WordPress Rally theme (axiomthemes Rally) up to version 1.1, which suffers from improper control of filenames in include/require statements, enabling PHP Local File Inclusion. Affected component: WordPress Rally theme; root cause: Local File Inclusion via unsafely cons...
PT-2025-52104
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wanderic wanderic allows PHP Local File Inclusion. This issue affects Wanderic: from n/a through = 1.0.10...
WordPress plugin Strux security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-39468
CVE-2025-39468 refers to a Local File Inclusion vulnerability in the WordPress Modal Survey plugin (modal-survey) affecting versions up to 2.0.2.0.1. The issue arises from improper control of filenames used in include/require, enabling an attacker to read local files via crafted input. The connec...
WordPress Plugin Consulting security vulnerability
WordPress Consulting plugin is a plugin that provides WordPress website optimization, security auditing, performance enhancement, etc. It is mainly used to help businesses or individual users to solve the technical problems of WordPress websites. WordPress Consulting plugin has a file inclusion...
WordPress plugin Kleo security vulnerability
WordPress Kleo plugin is a feature-rich portfolio of themes and plugins in the WordPress ecosystem, primarily used to build social networks, member communities and e-commerce platforms. WordPress Kleo plugin suffers from a file inclusion vulnerability that stems from improper file name control,...
WordPress plugin Unicamp security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which, if exploited, could allow arbitrary code execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...
PHPCMS v9.6.3 suffers from a file inclusion vulnerability
PHPCMS is a website management software. A file inclusion vulnerability exists in the latest version of phpcms V9.6.3 and below. The vulnerability arises from two main parts, one is the acquisition of authkey, which utilizes the insecurity of random numbers, and the other is based on the logical...
CVE-2006-2283
CVE-2006-2283 affects SpiffyJr phpRaid versions 2.9.5 to 3.0.b3, enabling remote PHP code execution via remote file inclusion. Exploitation vectors involve crafted URLs in phpbb_root_path (auth.php/auth_phpbb with phpBB portal enabled) and smf_root_path (auth.php/auth_SMF with SMF portal enabled)...
PHP Live! directory/conf File Include Unspecified Issue
The remote host is running PHP Live!, a live support system for websites. The remote version of this software contains an unspecified flaw that could allow an attacker to include a configuration file hosted on a third-party server. An attacker may exploit this flaw to execute arbitrary PHP code on...
phpMyAdmin sql.php Traversal Arbitrary File Access
It is possible to make the remote phpMyAdmin installation read arbitrary data on the remote host. An attacker may use this flaw to read arbitrary files that your web server has the right to access or execute arbitrary PHP code.