Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue arises from an off-by-one error that causes out-of-bounds memory access when...

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, using the magick stream command in ImageMagick, specifying multiple consecutive %d format specifiers in a filename template caused a memory leak. Versions...

CVE-2025-64359

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.7.5...

CVE-2025-64364

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...

CVE-2025-64363

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through 5.5.0...

CVE-2025-64363 WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through 5.5.0...

CVE-2025-64364

CVE-2025-64364 describes a Local File Inclusion (LFI) in the WordPress Masterstudy theme/plugin (StylemixThemes Masterstudy). The vulnerability arises from improper control of the filename used in include/require statements, enabling PHP LFI. Affected versions are Masterstudy prior to 4.8.126. Re...

CVE-2025-64363 WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through 5.5.0...

CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...

CVE-2025-64360

The CVE-2025-64360 entry describes a Local File Inclusion in the WordPress Consulting Elementor Widgets plugin (versions up to 1.4.2) caused by improper control of filenames for include/require statements in PHP. Affects Consulting Elementor Widgets:

CVE-2025-64360 WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through = 1.4.2...

CVE-2025-64359

CVE-2025-64359 is a WordPress plugin/theme vulnerability affecting the WordPress Consulting theme (StylemixThemes Consulting) versions prior to 6.7.5. Multiple connected sources describe an improper control of filename for include/require statements, enabling PHP Local File Inclusion through the ...

CVE-2025-64359 WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through 6.7.5...

PT-2025-44614

Name of the Vulnerable Software and Affected Versions SeventhQueen Kleo versions prior to 5.5.0 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...

CVE-2025-64284

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through = 1.0.7...

EUVD-2025-36814

Malicious code in filename-rules npm...

Malicious Package

Overview filename-rules is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in filename-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15d6c49237b11de7f279efa585359302e43282ac5e2abdaa6c0d1a6cac7bfdec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49003 Malicious code in filename-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15d6c49237b11de7f279efa585359302e43282ac5e2abdaa6c0d1a6cac7bfdec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Improper Validation of Syntactic Correctness of Input

Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in ZIP archives filenames processing. An attacker can cause malicious code to be executed or files to ...