CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/08 9:31 a.m.•0 views

EUVD-2026-20365

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...

5.9AI score0.00147EPSS

RedhatCVE•added 2026/03/26 5:1 p.m.•2 views

CVE-2026-22496

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through = 1.2.10...

NVD•added 2026/03/25 5:16 p.m.•0 views

CVE-2026-22515

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through = 1.2.0...

Cvelist•added 2026/03/19 6:41 a.m.•21 views

CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through 1.5.6...

CVE•added 2026/03/13 11:42 a.m.•5 views

CVE-2026-32426

The CVE-2026-32426 entry describes a Local File Inclusion (LFI) vulnerability in the WordPress plugin Medilazar Core (themelexus) prior to version 1.4.7 . The root cause is improper control of the filename for include/require in PHP, effectively enabling LFI. Affected software: Medilazar Core

7.5CVSS5.8AI score0.0017EPSS

RedhatCVE•added 2026/03/06 7:54 a.m.•2 views

CVE-2026-28019

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through = 1.11...

NVD•added 2026/03/05 6:16 a.m.•2 views

CVE-2026-28039

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through = 6.5.0.1...

7.5CVSS0.00143EPSS

Cvelist•added 2026/03/05 5:54 a.m.•28 views

CVE-2026-28092 WordPress Sounder theme <= 1.3.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Sounder sounder allows PHP Local File Inclusion.This issue affects Sounder: from n/a through = 1.3.11...

Cvelist•added 2026/03/05 5:54 a.m.•25 views

CVE-2026-28088 WordPress Aqualots theme <= 1.1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects Aqualots: from n/a through = 1.1.6...

Cvelist•added 2026/03/05 5:54 a.m.•27 views

CVE-2026-28020 WordPress Chroma theme <= 1.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Chroma chroma allows PHP Local File Inclusion.This issue affects Chroma: from n/a through = 1.11...

Cvelist•added 2026/03/05 5:54 a.m.•24 views

CVE-2026-27988 WordPress Equadio theme <= 1.1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Equadio equadio allows PHP Local File Inclusion.This issue affects Equadio: from n/a through = 1.1.3...

CNNVD•added 2026/03/05 12:0 a.m.•4 views

WordPress plugin Police Department 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23277

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through = 2.12...

5.9AI score0.00172EPSS

Positive Technologies•added 2026/03/05 12:0 a.m.•2 views

PT-2026-23312

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...

5.9AI score0.00172EPSS

CNNVD•added 2026/03/05 12:0 a.m.•2 views

WordPress plugin Edge Decor 安全漏洞

ATTACKERKB•added 2026/02/20 3:46 p.m.•3 views

CVE-2025-69406

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through = 1.1.7...

5.5AI score0.00056EPSS

Positive Technologies•added 2026/02/20 12:0 a.m.•2 views

PT-2026-21218

Name of the Vulnerable Software and Affected Versions AncoraThemes Impacto Patronus versions through 1.2.3 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files...

5.4AI score0.00056EPSS

Exploits0References4

NVD•added 2026/01/22 5:16 p.m.•4 views

CVE-2025-69072

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Prider prider allows PHP Local File Inclusion.This issue affects Prider: from n/a through = 1.1.3.1...

8.1CVSS0.00066EPSS

ATTACKERKB•added 2026/01/22 4:52 p.m.•1 views

CVE-2026-22401

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through = 2.4.2...

7.5CVSS5.4AI score0.0022EPSS