Lucene search
K

128 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.4 views

PT-2026-23229

Name of the Vulnerable Software and Affected Versions AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme versions through 1.0.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File...

5.8AI score0.00403EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-22368

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through = 1.0.2...

8.1CVSS5.5AI score0.00403EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:47 p.m.3 views

CVE-2026-22369

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through = 1.5...

5.5AI score0.00512EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin R&F 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.00561EPSS
Exploits0References1
NVD
NVD
added 2026/02/08 12:16 a.m.6 views

CVE-2026-2116

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

9.8CVSS0.00381EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/31 12:30 a.m.8 views

EUVD-2020-30953

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

8.8CVSS6AI score0.00601EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-4148

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through = 1.3.3...

5.5AI score0.00512EPSS
Exploits0References2
OSV
OSV
added 2026/01/15 8:16 p.m.6 views

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

6.1CVSS6.6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/15 7:59 p.m.3 views

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This...

6.1CVSS6AI score0.00301EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin Greenorganic 安全漏洞

PHP, etc. are products of PHP. PHP is a scripting language that executes on the server side. webSockets ws, etc. are products of WebSockets open source. ws is a Node.js WebSocket library. r infrastructure gh, etc. are R infrastructure open source gh is a GitHub API library. A security vulnerabili...

8.1CVSS6.5AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.2 views

WordPress plugin Rentic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51306

Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...

8.8CVSS7.1AI score0.00824EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.4 views

CVE-2025-13625

The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

6.1CVSS5.6AI score0.00219EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/12/01 12:0 a.m.152 views

📄 Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection

Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Fortra FileCatalyst Workflow v5.1.6 Build 135...

9.8CVSS8.2AI score0.90067EPSS
Exploits5
EUVD
EUVD
added 2025/11/18 12:30 p.m.4 views

EUVD-2025-197981

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...

7.5CVSS6.5AI score0.00401EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.5 views

CVE-2025-60073

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Processby Responsive Sidebar responsive-sidebar allows PHP Local File Inclusion.This issue affects Responsive Sidebar: from n/a through = 1.2.2...

7.5CVSS7.1AI score0.0042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:54 p.m.1 views

CVE-2025-60199 WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

8.1CVSS6.7AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.3 views

WordPress plugin Saxon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.7AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.4 views

school-management-system 代码问题漏洞

school-management-system is a school management system developed in PHP for schools or small organizations by Shubham kumar individual developer. A code issue vulnerability exists in school-management-system, which stems from the incorrect manipulation of the parameter File in the file...

9.8CVSS7.6AI score0.00415EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5908

Malware in sbrugna...

9.8CVSS9.5AI score0.02601EPSS
Exploits0References2
Rows per page
Query Builder