CVE-2025-67934

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through 2.8...

CVE-2025-67934

CVE-2025-67934 affects Wellspring (WellSpring WordPress Theme by Mikado-Themes) prior to 2.8, enabling unauthenticated Local File Inclusion via improper handling of PHP include/require filename. Wordfence notes the Wellspring

PT-2026-1909

Name of the Vulnerable Software and Affected Versions Mikado-Themes Wellspring versions prior to 2.8 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...

PT-2022-14973 · WordPress · Duplicate Page/Post

Name of the Vulnerable Software and Affected Versions: Duplicate Page and Post WordPress plugin versions prior to 2.8 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...

PT-2022-16073 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: An attacker can craft a TFLite model that would cause an integer overflow in...

Dell Encryption and Dell Endpoint Security Suite Elevation of Privilege Vulnerability

Dell Encryption and Dell Endpoint Security Suite are both products of Dell Inc.Dell Encryption is a data protection solution. Dell Encryption is a data protection solution that includes compliance management, authentication, disk data encryption, and port encryption.Dell Endpoint Security Suite i...

UBUNTU-CVE-2018-21245

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711...

CVE-2016-5799

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...

DEBIAN-CVE-2013-6050

Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service crash via crafted HTML tables...

Design/Logic Flaw

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code...