8767 matches found
CVE-2022-50747
CVE-2022-50747: In the Linux kernel hfs_asc2mac(), an out-of-bounds write could occur when in->len exceeds HFS_NAMELEN, if dst reaches boundary while srclen remains > 0. The fix adds a dstlen check in the writing loop to prevent OOB writes. Affected: Linux kernel hfs/trans.c; root cause: mi...
CVE-2022-50747 hfs: Fix OOB Write in hfs_asc2mac
In the Linux kernel, the following vulnerability has been resolved: hfs: Fix OOB Write in hfs_asc2mac Syzbot reported an OOB Write bug: loop0: detected capacity change from 0 to 64 ================================================================== BUG: KASAN: slab-out-of-bounds in...
CVE-2025-68546
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Nika nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through <= 1.2.14...
CVE-2025-68563 WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion. This issue affects Subscribe to Unlock Lite: from n/a through <= 1.3.0...
CVE-2025-68540
CVE-2025-68540 affects the WordPress theme Fana (Fashion Shop Theme). It is an authenticated local file inclusion via improper control of filenames in PHP include/require, impacting Fana versions up to 1.1.35. Wordfence reports this CVE as mitigated/patched in a later release (patch available in ...
CVE-2025-68530
CVE-2025-68530 affects the WordPress plugin/theme Bookory. The Wordfence entry documents an authenticated Local File Inclusion (LFI) via improper control of the filename used in PHP include/require, labeled as Authenticated (Contributor+) Local File Inclusion in Bookory <= 2.2.7. The vulnerab...
PT-2025-53252
Name of the Vulnerable Software and Affected Versions: Nawawi Jamili Docket Cache versions through 24.07.03. Description: An improper control of filename for include/require statement issue exists in Nawawi Jamili Docket Cache, potentially allowing PHP Local File Inclusion. This issue is also...
PT-2025-53095
Name of the Vulnerable Software and Affected Versions: pavothemes Bookory versions through 2.2.7. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...
PT-2025-53099
Name of the Vulnerable Software and Affected Versions: thembay Zota versions n/a through 1.3.14. Description: An improper control of filename for include/require statement exists in thembay Zota, potentially allowing PHP Local File Inclusion. The issue involves the inclusion of files without proper...
WordPress plugin Docket Cache security vulnerability
WordPress Docket Cache plugin is a tool that focuses on object caching acceleration to improve website performance. A file inclusion vulnerability exists in WordPress Docket Cache plugin, which stems from not effectively filtering calls to local file resources, and can be exploited by an attacker...
CVE-2025-66211
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
CVE-2025-66212
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...
CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...
EUVD-2025-204955
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...
CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
EUVD-2025-204957
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter...