8812 matches found
WordPress plugin Foton security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...
WordPress plugin WhatsApp Click to Chat Plugin for WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-4868
A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/ of the component File Upload Endpoint. The manipulation of the argument...
CVE-2025-4851
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The explo...
CoinExchange_CryptoExchange_Java path traversal vulnerability
CoinExchange_CryptoExchange_Java is a Java open source cryptocurrency exchange platform for individual developers of open source digital currency exchanges. A path traversal vulnerability exists in CoinExchange_CryptoExchange_Java, which stems from incorrect manipulation of the parameter filename in...
ecommerce-spring-reactjs path traversal vulnerability
ecommerce-spring-reactjs is an e-commerce webstore by the individual developer Miroslav Khotinskiy. A path traversal vulnerability exists in ecommerce-spring-reactjs, which stems from incorrect manipulation of the parameter filename in the component File Upload Endpoint resulting in path traversa...
CVE-2025-48136
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12...
WordPress plugin Nasa Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-21714 · Roninwp · Roninwp Fat Services Booking
Name of the Vulnerable Software and Affected Versions: roninwp FAT Services Booking versions n/a through 5.5 Description: The issue affects the roninwp FAT Services Booking, allowing for PHP Local File Inclusion due to an Improper Control of Filename for Include/Require Statement in PHP Program...
ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
A flaw was found in Artifex Ghostscript base/gsdevice.c. This vulnerability allows path truncation, path traversal, and possible code execution via an integer overflow when parsing the filename format string for the output filename...
libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...
kernel: initramfs: avoid filename buffer overrun
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun. The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55...
CVE-2025-26262
An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename...
CVE-2025-47653
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14...
CVE-2025-47494
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through = 2.4.1...
CVE-2025-47510
CVE-2025-47510 is a WordPress Display Eventbrite Events vulnerability: an authenticated (Contributor+) Local File Inclusion due to improper filename control in include/require statements. Affected software: Display Eventbrite Events = 6.3. If upgrade is not possible, apply vendor-provided mitigat...
CVE-2025-47508
The CVE refers to CVE-2025-47508 affecting WordPress GamiPress plugin versions up to 7.3.7. It is an improper control of filenames for include/require statements (PHP Local File Inclusion that can escalate to PHP Local File Inclusion). Affected product: GamiPress plugin for WordPress (
CVE-2025-47494
CVE-2025-47494 concerns the WordPress plugin EventON (EventON-lite) with an Authenticated Local File Inclusion vulnerability. The issue stems from improper control of filenames used in PHP include/require, enabling LFI for attackers who have authenticated access. Affected software versions are Ev...