CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/08 3:14 a.m.•6 views

CVE-2025-69083

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion.This issue affects Frappé: from n/a through = 1.8...

8.1CVSS5.9AI score0.00334EPSS

Positive Technologies•added 2026/01/08 12:0 a.m.•4 views

PT-2026-1740

Name of the Vulnerable Software and Affected Versions ThemeMove Brook - Agency Business Creative versions through 2.8.9 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for t...

9.8CVSS6.4AI score0.00403EPSS

Positive Technologies•added 2026/01/08 12:0 a.m.•3 views

PT-2026-1787

Name of the Vulnerable Software and Affected Versions QantumThemes Typify versions through 3.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. The vulnerability exists in QantumThemes...

9.8CVSS6.7AI score0.00512EPSS

Positive Technologies•added 2026/01/08 12:0 a.m.•3 views

PT-2026-1696

Name of the Vulnerable Software and Affected Versions magentech Rozy - Flower Shop versions through 1.2.25 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion ...

9.8CVSS6.5AI score0.00512EPSS

7.7CVSS6.8AI score0.00897EPSS

GreenShot 安全漏洞

GreenShot is a lightweight screenshot software tool for Windows from GreenShot. A security vulnerability exists in GreenShot 1.3.310 and earlier versions, which stems from improper filename handling and can lead to OS command injection...

Exploits1References3

WordPress plugin Atlas 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Moody 安全漏洞

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin Typify 安全漏洞

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin Optimize 安全漏洞

8.1CVSS6.7AI score0.00434EPSS

WordPress plugin Mitech 安全漏洞

Positive Technologies•added 2026/01/08 12:0 a.m.•5 views

PT-2026-1785

Name of the Vulnerable Software and Affected Versions ThemeMove Moody tm-moody versions through 2.7.3 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...

9.8CVSS6.5AI score0.00512EPSS

Positive Technologies•added 2026/01/08 12:0 a.m.•4 views

PT-2026-1784

Name of the Vulnerable Software and Affected Versions TMRW-studio Atlas versions through 2.1.0 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendation...

9.8CVSS6.7AI score0.00512EPSS

CNNVD•added 2026/01/08 12:0 a.m.•3 views

WordPress plugin Neo Ocular 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

8.1CVSS6.4AI score0.00412EPSS

Positive Technologies•added 2026/01/08 12:0 a.m.•4 views

PT-2026-1909

Name of the Vulnerable Software and Affected Versions Mikado-Themes Wellspring versions prior to 2.8 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...

8.1CVSS6.4AI score0.00434EPSS

Exploits0References5

Positive Technologies•added 2026/01/08 12:0 a.m.•3 views

PT-2026-1739

Name of the Vulnerable Software and Affected Versions ThemeMove AeroLand versions through 1.6.6 Description The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files within the...

9.8CVSS6.4AI score0.00403EPSS

NVD•added 2026/01/07 12:17 p.m.•2 views

CVE-2025-69081

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through = 3.0.0...

8.1CVSS0.00412EPSS

Cvelist•added 2026/01/07 11:59 a.m.•25 views

CVE-2025-69080 WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JanStudio Gecko gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through = 1.9.8...

8.1CVSS0.00412EPSS

Vulnrichment•added 2026/01/07 11:59 a.m.•2 views

CVE-2025-69080 WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability

8.1CVSS5.8AI score0.00412EPSS

CVE•added 2026/01/07 11:56 a.m.•10 views

CVE-2025-69081

CVE-2025-69081 describes an Improper Control of Filename for Include/Require in PHP (PHP Local File Inclusion) affecting ThemeREX Group Hope charity-is-hope WordPress theme (Hope: from n/a through 3.0.0). Affected component is the PHP include/require path handling in the theme. The Red Hat entry ...

8.1CVSS5.9AI score0.00412EPSS