8790 matches found
PT-2025-43699
Name of the Vulnerable Software and Affected Versions BackWPup – WordPress Backup & Restore Plugin versions prior to 5.5.1 Description The BackWPup – WordPress Backup & Restore Plugin for WordPress is susceptible to unauthorized data access. A missing capability check on the backwpup working AJAX...
Emoncms 安全漏洞
Emoncms is an open source web application from Emoncms Open Source. The program is primarily used to process, record and display energy, temperature and other environmental data. A security vulnerability exists in Emoncms version 11.7.3, which stems from insufficient input validation of the...
CVE-2025-62255
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...
CVE-2025-60938
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baudrate,...
CVE-2025-58967
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through 2.4.4...
CVE-2025-59558
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through 2.1.6...
CVE-2025-59564
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through 4.4.5...
CVE-2025-62868 WordPress Edge CPT plugin <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4...
CVE-2025-62868 WordPress Edge CPT plugin <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4...
CVE-2025-62868
Summary: CVE-2025-62868 corresponds to a Local File Inclusion (LFI) vulnerability in the WordPress Edge CPT plugin (versions through 1.4). The issue stems from improper control of filenames used in include/require, enabling inclusion of local files via PHP. Affected product: Edge CPT for WordPres...
WordPress Billey plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Billey plugin, which stems from improper control over the filename of include or require statements, and can be exploited ...
PT-2025-43603
Name of the Vulnerable Software and Affected Versions Edge CPT versions through 1.4 Description An improper control of filename for include/require statement exists in Edge CPT, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files within the application...
EUVD-2025-35729
Liferay Portal Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the "edit Knowledge Base" article page. An attacker can execute arbitrary web scripts or HTML by injecting a crafted payload into an attachment's filename. Details Cross-site scripting or XSS is a code...
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...
GHSA-GCCF-R9XP-X8JX Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...
CVE-2025-62255
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...
CVE-2025-62255
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...
CVE-2025-62255
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...
CVE-2025-62255
Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...