CVE-2025-58206 WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through = 3.2.5...

CVE-2025-58206

CVE-2025-58206 is a Local File Inclusion vulnerability in WordPress Theme MaxCoach (affected: versions n/a through 3.2.5; also described as ThemeMove MaxCoach in some sources). The root cause is improper control of the filename used in PHP include/require statements, enabling PHP Local File Inclu...

CVE-2025-58214

CVE-2025-58214 describes an unauthenticated Local File Inclusion in the WordPress theme Indutri before 1.3.0 due to improper filename handling in Include/Require statements. Affected product: gavias Indutri WordPress Theme. Root cause: improper control of filenames leading to local file inclusion...

CVE-2025-58214 WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through 1.3.0...

CVE-2025-58214 WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through 1.3.0...

CVE-2025-57889

CVE-2025-57889 affects the WordPress InPost Gallery plugin up to version 2.1.4.5. It is an Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion) vulnerability that enables PHP Local File Inclusion via include/require statements. Affected software: InPost Gallery (...

CVE-2025-57889 WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through = 2.1.4.5...

WordPress plugin InPost Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin MaxCoach 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Indutri 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2025-36255

Name of the Vulnerable Software and Affected Versions: gavias Indutri versions prior to 1.3.0 Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendation...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from ntfs3 not checking filename length...

CVE-2025-58637

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in immonex immonex Kickstart immonex-kickstart allows PHP Local File Inclusion.This issue affects immonex Kickstart: from n/a through = 1.11.6...

CVE-2025-58608 WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...

WordPress plugin immonex Kickstart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2013-1833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x befo...

USN-7728-1: ImageMagick vulnerabilities

It was discovered that ImageMagick did not properly process certain format strings when interpreting image filenames. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. CVE-2025-53014 It was discovered that ImageMagick did not properly proce...

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting XSS vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

CVE-2025-9395

A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be use...