EUVD-2026-28253
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...
CVE-2026-28009 WordPress DroneX theme <= 1.1.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion. This issue affects DroneX: from n/a through <= 1.1.12...
PT-2026-23198
Name of the Vulnerable Software and Affected Versions: Elated-Themes Askka versions through 1.0. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local fil...
CVE-2025-65465
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-13435 Dreampie Resty HttpClient HttpClient.java request path traversal
A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...
EUVD-2025-38096
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme ITok itok. This issue affects ITok: from n/a through <= 1.1.42...
EUVD-2017-0300
Malware in sbrugna...
EUVD-2019-2458
Malware in sbrugna...
EUVD-2002-1895
Malware in sbrugna...
EUVD-2017-0201
Malware in sbrugna...
EUVD-2004-2026
Malware in sbrugna...
EUVD-2021-1299
Malware in sbrugna...
EUVD-2020-22031
Malware in sbrugna...
EUVD-2020-22037
Malware in sbrugna...
EUVD-2021-19487
Malware in sbrugna...
EUVD-2020-29859
Malware in sbrugna...
EUVD-2024-21273
Malicious code in bioql PyPI...
EUVD-2022-2371
Malicious code in bioql PyPI...
GHSA-49MJ-X8JP-QVFC OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
Impact: OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler an...
CVE-2025-58206
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion. This issue affects MaxCoach: from n/a through <= 3.2.5...