CVE-2026-48820

The CakePHP CVE-2026-48820 vulnerability affects View::_getElementFileName(), where the resolved element path is not validated to be within the application/plugin view template paths. This can allow crafted user-supplied data to include other PHP files on the server. Affected versions span 4.5.11...

EUVD-2025-210257

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

EUVD-2025-210255

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

EUVD-2025-210256

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

EUVD-2025-210254

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

EUVD-2025-210252

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

EUVD-2025-210263

Unauthenticated Local File Inclusion in Granola = 1.13 versions...

EUVD-2025-210262

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

EUVD-2025-210261

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

EUVD-2026-37596

Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...

EUVD-2026-37675

Unauthenticated Local File Inclusion in Malmö = 2.2 versions...

EUVD-2026-37591

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

EUVD-2026-37672

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

EUVD-2026-37677

Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...

EUVD-2026-37649

Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...

EUVD-2026-37658

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

EUVD-2026-37653

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

EUVD-2026-37654

Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...

EUVD-2026-37648

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

EUVD-2025-210234

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...