8809 matches found
Arbitrary File Read
Overview: mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification PEP-249. Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to imprope...
CVE-2025-32944
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled, which is the default setting, any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the...
PT-2025-16529 · Unknown · Magepeopleteam Booking/Rental Manager
Name of the Vulnerable Software and Affected Versions: magepeopleteam Booking and Rental Manager versions 2.2.8 and earlier Description: The issue is related to an improper control of filename for include/require statement in PHP programs, also known as PHP Remote File Inclusion, which allows PHP...
PT-2025-16317 · Unknown · Notfound Coming Soon
Name of the Vulnerable Software and Affected Versions: NotFound Coming Soon, Maintenance Mode versions n/a through 1.1.1 Description: The issue is related to Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This...
CVE-2025-3115
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
CVE-2025-32627
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2...
WordPress plugin IDonate security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-16055
Name of the Vulnerable Software and Affected Versions: ThemeAtelier IDonate versions 2.1.8 and earlier Description: The issue is related to an improper control of filename for include/require statement in a PHP program, also known as PHP Remote File Inclusion, which allows PHP Local File Inclusio...
CVE-2025-32158
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15...
CVE-2025-32160
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite. This issue affects EventON: from n/a through = 2.4.1...
CVE-2025-32668
CVE-2025-32668 — Real Estate Manager (WordPress plugin) is affected by an unauthenticated Local File Inclusion due to improper control of the filename in include/require. The vulnerability affects Real Estate Manager up to version 7.3 and is currently Unpatched. The CVSS v3.1 base score is 8.1 (H...
WordPress plugin EventON security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
A vulnerability in the `setUpgradeFW` function of the TOTOLINK CP450 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the `setUpgradeFW` function of the TOTOLINK CP450 router firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the FileName parameter...
TIBCO Spotfire security vulnerability
TIBCO Spotfire is an application from TIBCO, Inc. that enables quick and easy deployment of advanced analyses for chemistry, biology and screening studies. A security vulnerability exists in TIBCO Spotfire that stems from an injection vulnerability and insufficient filename validation that could...
CVE-2025-30401
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitra...
CVE-2025-32146
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through = 2.0.2...
WordPress plugin Fami WooCommerce Compare security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...