128 matches found
PT-2026-23229
Name of the Vulnerable Software and Affected Versions AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme versions through 1.0.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File...
CVE-2026-22368
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through = 1.0.2...
CVE-2026-22369
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through = 1.5...
WordPress plugin R&F 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-2116
A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
EUVD-2020-30953
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...
PT-2026-4148
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through = 1.3.3...
CVE-2025-15265
An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...
CVE-2025-15265
An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This...
WordPress plugin Greenorganic 安全漏洞
PHP, etc. are products of PHP. PHP is a scripting language that executes on the server side. webSockets ws, etc. are products of WebSockets open source. ws is a Node.js WebSocket library. r infrastructure gh, etc. are R infrastructure open source gh is a GitHub API library. A security vulnerabili...
WordPress plugin Rentic 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-51306
Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...
CVE-2025-13625
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
📄 Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Fortra FileCatalyst Workflow v5.1.6 Build 135...
EUVD-2025-197981
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...
CVE-2025-60073
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Responsive Sidebar responsive-sidebar allows PHP Local File Inclusion.This issue affects Responsive Sidebar: from n/a through = 1.2.2...
CVE-2025-60199 WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...
WordPress plugin Saxon 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
school-management-system 代码问题漏洞
school-management-system is a school management system developed in PHP for schools or small organizations by Shubham kumar individual developer. A code issue vulnerability exists in school-management-system, which stems from the incorrect manipulation of the parameter File in the file...
EUVD-2019-5908
Malware in sbrugna...