8767 matches found
SUSE CVE-2025-65754
Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...
PT-2026-1466
Name of the Vulnerable Software and Affected Versions: Jwsthemes Issabella versions through 1.1.2. Description: An improper control of filename for include/require statement issue exists in Jwsthemes Issabella, allowing for PHP Local File Inclusion. The issue involves a flaw in how the software...
PT-2026-1502
Name of the Vulnerable Software and Affected Versions: TOTOLINK WA300 version 5.2cu.7112 B20190227. Description: A security issue exists in TOTOLINK WA300 version 5.2cu.7112 B20190227. The sub 401510 function within the cstecgi.cgi file is susceptible to command injection through manipulation of the...
WordPress plugin Calafate security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin TheGem Theme Elements (for Elementor) security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1473
Name of the Vulnerable Software and Affected Versions: VanKarWai Calafate versions through 1.7.7. Description: The software contains a flaw related to improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of...
CVE-2025-69087 WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent freeagent allows PHP Local File Inclusion. This issue affects FreeAgent: from n/a through <= 2.1.2...
CVE-2025-69087
CVE-2025-69087 is an unpatched Local File Inclusion vulnerability in FreeAgent (jwsthemes) for WordPress. The issue arises from improper control of the filename used by PHP include/require, effectively enabling an attacker to read arbitrary files via PHP code execution paths in FreeAgent builds u...
PT-2026-1259
Name of the Vulnerable Software and Affected Versions: jwsthemes FreeAgent versions through 2.1.2. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized access and...
CVE-2025-15431
A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The...
PT-2026-28792
Name of the Vulnerable Software and Affected Versions: OWASP Core Rule Set (CRS) versions prior to 3.3.9 and prior to 4.25.0. Description: The OWASP Core Rule Set (CRS) contains a flaw where whitespace padding in filenames can bypass file upload extension checks. This allows the upload of dangerous file...
PT-2026-25073
Name of the Vulnerable Software and Affected Versions: Black versions prior to 26.3.1. Description: Black, a Python code formatter, prior to version 26.3.1, improperly sanitizes user-supplied input when constructing the filename for a cache file. Specifically, the value provided to the...
PT-2026-20325
Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.22; Rack versions prior to 3.1.20; Rack versions prior to 3.2.5. Description: Rack’s Rack::Directory component generates HTML directory indexes with clickable links for each file entry. If a file exists with a basename...
CVE-2025-62753
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion. This issue affects MAS Videos: from n/a through <= 1.3.4...
CVE-2025-68985
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion. This issue affects Aora: from n/a through <= 1.3.15...
CVE-2025-68984
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion. This issue affects Puca: from n/a through <= 2.6.39...
CVE-2025-62753
CVE-2025-62753 affects MAS Videos (WordPress plugin) up to version 1.3.2. The issue is an Improper Control of Filename for Include/Require Statement in PHP (PHP Remote File Inclusion), effectively a Local File Inclusion risk. The CVSS 3.1 metric indicates a base score of 7.5 (HIGH) with network a...