256 matches found
The vulnerability of the channel.c component in the Linux operating system’s kernel allows a hacker to gain access to confidential data.
The vulnerability of the channel.c component in the Linux operating system’s kernel is related to improper control of resource identifiers. Exploiting this vulnerability can allow an attacker to access confidential data...
PT-2025-27096 · Unknown · Thembay Puca
Name of the Vulnerable Software and Affected Versions: thembay Puca versions n/a through 2.6.33 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
PT-2025-27166 · Nicdark · Nicdark Hotel Booking
Name of the Vulnerable Software and Affected Versions: nicdark Hotel Booking versions n/a through 3.7 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...
CVE-2025-6534
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper...
CVE-2025-6534
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper...
PT-2025-26657 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: xxyopen/201206030 novel-plus versions through 5.1.3 Description: A problematic issue exists due to improper control of resource identifiers. This issue affects the remove function within the...
CVE-2025-6384 Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...
CVE-2025-29002
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Simen snssimen allows PHP Local File Inclusion.This issue affects Simen: from n/a through = 4.6...
CVE-2025-24761
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme DSK dsk allows PHP Local File Inclusion.This issue affects DSK: from n/a through 2.4...
CVE-2025-49253 WordPress Lasa theme <= 1.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Lasa lasa allows PHP Local File Inclusion.This issue affects Lasa: from n/a through = 1.1...
CVE-2025-49256 WordPress Sapa theme <= 1.1.14 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Sapa sapa allows PHP Local File Inclusion.This issue affects Sapa: from n/a through = 1.1.14...
CVE-2025-49260 WordPress Aora theme <= 1.3.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through = 1.3.9...
PT-2025-25714 · Unknown · Loftocean Cozystay
Name of the Vulnerable Software and Affected Versions: LoftOcean CozyStay affected versions not specified Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...
PT-2025-25696 · Unknown · Thembay Nika
Name of the Vulnerable Software and Affected Versions: thembay Nika versions 1.2.8 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability, which allows PHP Local File...
CVE-2025-28992
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects SNS Anton: from n/a through = 4.1...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows D...
CVE-2025-32595
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through 1.5.0...
CVE-2025-28944
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Avaz snsavaz allows PHP Local File Inclusion.This issue affects Avaz: from n/a through = 2.8...
CVE-2023-26005
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: from n/a through 1.3.4...
CVE-2025-49281
CVE-2025-49281: Unfoldwp Magways WordPress theme (Magways) <= 1.2.1 suffers an improper filename control in PHP Include/Require, enabling Local File Inclusion. Public sources (NVD/Red Hat/patchstack/Wordfence) list CVSS v3.1 base score 8.1 (HIGH) with network attack vector, high impact on conf...