CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...
EUVD-2025-204955
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...
CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
EUVD-2025-204957
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute...
CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter...
UBUNTU-CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter...
CVE-2025-68544
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Diza diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through <= 1.3.15...
CVE-2025-68546
CVE-2025-68546 describes an LFI (Local File Inclusion) vulnerability in the WordPress Nika theme (and related WordPress Nika plugin). The issue stems from improper control/filtration of filenames used with PHP include/require, allowing local file inclusion. Affected version range is up to and inc...
CVE-2025-68546 WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.14...
CVE-2025-68544 WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Diza diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through <= 1.3.15...
CVE-2025-68544 WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through 1.3.15...
CVE-2025-68560
The CVE describes an LFI (Local File Inclusion) in CodexThemes TheGem Theme Elements (for Elementor) due to improper control of the filename for include/require statements in PHP. Affected software: TheGem Theme Elements for Elementor up to version 5.10.5.1. Root cause is filename handling during...
CVE-2025-15009
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...
PT-2025-52742
Name of the Vulnerable Software and Affected Versions: TheGem Theme Elements for Elementor versions through 5.10.5.1. Description: An issue exists in CodexThemes TheGem Theme Elements for Elementor related to improper control of filename for include/require statements, potentially leading to a PHP...
PT-2025-52848
Name of the Vulnerable Software and Affected Versions: GNU Unrtf version 0.21.10. Description: A stack overflow exists in the src/main.c component of the software. This allows attackers to cause a Denial of Service (DoS) by injecting a crafted input into the filename parameter. Recommendations: At the...