📄 WBCE CMS 1.6.4 Remote Code Execution

WBCE CMS version 1.6.4 contains a critical remote code execution vulnerability in the Droplets module. Authenticated attackers with administrator privileges can inject and execute arbitrary PHP code, leading to complete system compromise. Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date...

CVE-2025-62429

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/adminarea/actions/updatelaunch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is n...

CVE-2025-62429

Summary: CVE-2025-62429 affects ClipBucket v5 prior to 5.5.2 #147. The flaw resides in /upload/admin_area/actions/update_launch.php where the POST parameter "type" is embedded into PHP tags without proper sanitization, allowing an attacker to execute arbitrary PHP code (RCE). The vulnerability is...

WordPress Bei Fen plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The ordPress Bei Fen plugin has a file inclusion vulnerability that stems from not doing effective filtering of local file resource calls, which can be exploited by an attacker ...

EUVD-2018-12387

Malware in sbrugna...

EUVD-2020-5024

Malware in sbrugna...

EUVD-2025-26999

Malicious code in bioql PyPI...

CVE-2025-10050

The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

Remote Code Execution (RCE)

unopim/unopim is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input validation because the image upload on user creation performs only client-side file type checks, allowing an attacker to modify a captured upload change extension and content to .php and execute...

osCommerce 安全漏洞

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license from osCommerce, Inc. A security vulnerability exists in osCommerce 2.2 RC2a and earlier versions, which stems from a lack of input validation and access control in the Manage File Manager tool, and could...

CVE-2025-9874

CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...

PT-2025-33591 · WordPress · Soledad

Name of the Vulnerable Software and Affected Versions: Soledad theme for WordPress versions through 8.6.7 Description: The Soledad theme for WordPress is susceptible to a Local File Inclusion issue via the header layout parameter. This allows authenticated attackers with Contributor-level access ...

WordPress plugin IDonatePro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-6715

CVE-2025-6715 affects the LatePoint WordPress plugin up to version 5.1.93; it allows unauthenticated Local File Inclusion via the layout parameter, enabling potential execution of PHP code on the server. Red Hat and other sources confirm the issue and indicate a fix is available in version 5.1.94...

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

WordPress plugin Subscribe to Comments security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

WordPress plugin Widget for Google Reviews 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...