80 matches found
CVE-2020-37123
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...
EUVD-2007-2177
Malware in sbrugna...
EUVD-2007-2019
Malware in sbrugna...
EUVD-2005-0829
Malware in sbrugna...
EUVD-2015-5897
Malware in sbrugna...
EUVD-2023-35456
Malicious code in bioql PyPI...
EUVD-2023-33938
Malicious code in bioql PyPI...
EUVD-2025-29674
Malicious code in bioql PyPI...
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
CVE-2025-52562
Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...
CVE-2024-30162
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP files that are extracted into the...
CVE-2025-2101
The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumalllazyloadtemplate' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serve...
CVE-2024-11429
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for...
CVE-2024-10898
CVE-2024-10898 affects the WordPress plugin Contact Form 7 Email Add on (
CVE-2024-3499
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
VulnCheck KEV: CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2023-5815 News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion
The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...
CVE-2023-5250
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
Unrestricted File Upload
responsive-filemanager is vulnerable to Unrestricted File Upload. The vulnerability exists due to a lack of file upload checks, which allows an attacker with a low-privileged account to upload and execute arbitrary PHP files...
CVE-2022-27257
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter...