CVE-2025-69037

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through = 1.2.3...

CVE-2025-69037

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through = 1.2.3...

CVE-2025-69037 WordPress Pippo theme <= 1.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through = 1.2.3...

CVE-2025-69037

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through = 1.2.3...

CVE-2025-69037 WordPress Pippo theme <= 1.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through = 1.2.3...

CVE-2025-69037

CVE-2025-69037 is a WordPress Pippo theme Local File Inclusion vulnerability (PHP include/require filename control) affecting Pippo up to version 1.2.3. The issue enables including local files via PHP, with CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (base 8.1, HIGH). Red Hat and CVE rec...

WordPress plugin Pippo has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

PT-2026-4125

Name of the Vulnerable Software and Affected Versions Pippo versions through 1.2.3 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...

CVE-2018-18240

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

WordPress Pippo theme <= 1.2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Pippo versions = 1.2.3...

EUVD-2019-0543

Malware in sbrugna...

EUVD-2018-0537

Malware in sbrugna...

EUVD-2018-0820

Malware in sbrugna...

CVE-2018-20059

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE...

CVE-2019-5442

XML Entity Expansion Billion Laughs Attack on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will...

CVE-2018-18628

An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode calls ObjectInputStream.readObject to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPOSESSION...

VulnCheck KEV: CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

com.gitblit.fathom:fathom-integration-test (>=0.5.0 <=1.0.1), com.gitblit.fathom:fathom-mailer (>=0.5.0 <=1.0.1) +72 more potentially affected by CVE-2018-18240 via ro.pippo:pippo-core (>=0.4.0 <=1.11.0)

ro.pippo:pippo-core MAVEN version =0.4.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.2, =0.8.1, =0.8.4, =0.8.0, =0.8.0, =0.2.3, =0.4.0, =0.4.0, =1.11.0 and more Source cves: CVE-2018-18240 Source advisory: OSV:GHSA-H892-X453-86WC...

ro.pippo:pippo-demo-session (>=0.4.0 <=0.6.1), ro.pippo:pippo-session-cookie (>=0.4.0 <=1.11.0) +10 more potentially affected by CVE-2018-18240 via ro.pippo:pippo-session (>=0.4.0 <=1.11.0)

ro.pippo:pippo-session MAVEN version =0.4.0, =0.4.0, =0.4.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.11.0 Source cves: CVE-2018-18240 Source advisory: OSV:GHSA-H892-X453-86WC...