CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

dvwa_web_security_labs

DVWA Web Security Labs Project Description This project c...

CVE-2026-7633

Totolink N300RH 6.1c.1353_B20190305 is affected by CVE-2026-7633 in the setUploadSetting function of /cgi-bin/cstecgi.cgi. Manipulating the FileName argument leads to file inclusion and may be exploitable remotely. Public exploit is reported; patch/version details are not provided in the sources.

CVE-2026-32504

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through = 1.1.8...

WellChoose IFTOP 安全漏洞

WellChoose IFTOP is a command-line network traffic monitoring tool for analyzing network traffic statistics, developed by WellChoose, a company based in Taiwan, China. WellChoose IFTOP has a security vulnerability, which stems from a local file inclusion vulnerability. This vulnerability could...

EUVD-2026-9738

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...

EUVD-2026-9745

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects Gamezone: from n/a through = 1.1.11...

CVE-2026-28018

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/a through = 3.20...

CVE-2026-22457

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through = 1.5...

CVE-2026-28019

CVE-2026-28019 : In ThemeREX Manoir (WordPress theme), there is an issue described as Improper Control of Filename for Include/Require Statement in PHP Program, effectively a Local File Inclusion (LFI) vulnerability. The public description specifies exploitation related to PHP include/require fil...

CVE-2026-22477

CVE-2026-22477 is a Local File Inclusion for the WordPress theme Felizia (AncoraThemes) and affects Felizia versions up to 1.3.4. The vulnerability arises from improper control of the filename used in PHP include/require, enabling local file inclusion. The NVD entry lists CVSS v3.1 base score 8.1...

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a file inclusion vulnerability. An attacker can exploit this vulnerability to read arbitrary files in the local file system...

PT-2026-23285

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Justitia justitia allows PHP Local File Inclusion.This issue affects Justitia: from n/a through = 1.1.0...

CVE-2026-22378

CVE-2026-22378 refers to a Local File Inclusion in the WordPress theme Blabber (AncoraThemes) up to version 1.7.0. The vulnerability arises from improper handling of filenames in PHP include/require statements, enabling local file inclusion. The NVD/Wordfence entry lists affected software Blabber...

CVE-2026-22365

CVE-2026-22365 affects the Soleng WordPress theme (Soleng) up to version 1.0.5, with an improper filename handling for PHP include/require that enables Local File Inclusion. The Wordfence report lists this as an unauthenticated LFI in Soleng

PT-2026-21180

Name of the Vulnerable Software and Affected Versions ThemeREX Cobble versions through 1.7 Description A flaw exists in ThemeREX Cobble that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File Inclusio...

CVE-2022-42234

There is a file inclusion vulnerability in the template management module in UCMS 1.6...

CVE-2022-27257

A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...

CVE-2019-7254

Linear eMerge E3-Series devices allow File Inclusion...

WordPress Nika plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Nika plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...