8809 matches found

Positive Technologies
added 2025/04/24 12:00 a.m. · 2 views

PT-2025-17745 · Capturly · Capturly

Name of the Vulnerable Software and Affected Versions: Capturly versions n/a through 2.0.1

Description: The issue is related to Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File Inclusion ...

CVSS 7.5 · AI score 8 · EPSS 0.0056
Exploits 0 · References 4

OSV
added 2025/04/23 4:15 p.m. · 4 views

CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

CVSS 3.3 · AI score 6.8
Exploits 0 · References 5

CVE
added 2025/04/23 12:00 a.m. · 165 views

CVE-2025-46394

CVE-2025-46394 affects BusyBox tar up to version 1.37.0. A TAR archive can misuse terminal escape sequences to hide filenames from listings, causing a mismatch between on-disk contents and what is shown to the user. The vulnerability is a UI misinformation issue (CWE-451) with low overall impact ...

CVSS 3.3 · AI score 4.1 · EPSS 0.00149
Exploits 0 · References 6 · Affected Software 1

Vulnrichment
added 2025/04/23 12:00 a.m. · 7 views

CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

CVSS 3.2 · AI score 7.1 · EPSS 0.00149
Exploits 0 · References 3

OSV
added 2025/04/22 6:15 p.m. · 3 views

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1

Microsoft CVE
added 2025/04/22 7:00 a.m. · 2 views

Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

...

CVSS 7.5 · AI score 8.1 · EPSS 0.00694
Exploits 0

CNNVD
added 2025/04/22 12:00 a.m. · 4 views

TOTOLINK EX1200T security vulnerability

The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...

CVSS 9.8 · AI score 8.4 · EPSS 0.00919
Exploits 1 · References 1

VulnCheck KEV
added 2025/04/19 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

CVSS 10 · AI score 7.3 · EPSS 0.02463
Exploits 1 · References 1

OSV
added 2025/04/17 9:57 p.m. · 5 views

CLSA-2025-1744927038 libreoffice: Fix of CVE-2023-6185

CVE-2023-6185: escape filename of embedded video to prevent execution of arbitrary GStreamer plugins...

CVSS 8.8 · AI score 7.5 · EPSS 0.01017
Exploits 0 · References 1

RedhatCVE
added 2025/04/17 2:52 p.m. · 6 views

CVE-2025-32944

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled, which is the default setting, any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the...

CVSS 6.5 · AI score 6.9 · EPSS 0.00479
Exploits 1 · References 1

NVD
added 2025/04/17 3:15 a.m. · 23 views

CVE-2025-31340

An improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file...

CVSS 9.9 · EPSS 0.00392
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:00 a.m. · 2 views

WordPress plugin Hotel Booking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 · AI score 8.3 · EPSS 0.00542
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:00 a.m. · 1 view

WordPress plugin Smart Agreements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.5 · AI score 7.7 · EPSS 0.00576
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:00 a.m. · 1 view

SUNNET Wisdom Master Pro security vulnerability

SUNNET Wisdom Master Pro is a Wisdom Master management platform from SUNNET. A security vulnerability exists in SUNNET Wisdom Master Pro 5.2 and earlier versions, which stems from improper control of included or referenced filenames in a PHP program, and could lead to the execution of arbitrary...

CVSS 9.9 · AI score 7.2 · EPSS 0.00392
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:00 a.m. · 2 views

WordPress plugin Széchenyi 2020 Logo security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 7.8 · EPSS 0.00576
Exploits 0 · References 1

Positive Technologies
added 2025/04/17 12:00 a.m. · 6 views

PT-2025-17017

Name of the Vulnerable Software and Affected Versions: Docket Cache versions through 24.07.02

Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This vulnerability allows PHP Loc...

CVSS 7.5 · AI score 8.2 · EPSS 0.00576
Exploits 0 · References 4

CNNVD
added 2025/04/17 12:00 a.m. · 2 views

WordPress plugin Docket Cache security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 7.8 · EPSS 0.00576
Exploits 0 · References 1

Positive Technologies
added 2025/04/17 12:00 a.m. · 3 views

PT-2025-17012 · Wpcafe · Wpcafe

Name of the Vulnerable Software and Affected Versions: WPCafe versions 2.2.32 and earlier

Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a...

CVSS 7.5 · AI score 8.2 · EPSS 0.00628
Exploits 0 · References 3

CNNVD
added 2025/04/16 12:00 a.m. · 3 views

WordPress plugin Eventin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 7.8 · EPSS 0.0072
Exploits 0 · References 1

CNNVD
added 2025/04/16 12:00 a.m. · 1 view

WordPress plugin WPCOM Member security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 8.6 · EPSS 0.00606
Exploits 0 · References 1