
24 matches found

RedhatCVE
added 2026/06/05 7:31 p.m. · 12 views

CVE-2025-53440

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1 CVSS · 5.5 AI score · 0.00415 EPSS
Exploits 0 · References 1
NVD
added 2026/06/02 12:16 p.m. · 20 views

CVE-2025-53440

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1 CVSS · 0.00415 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/06/02 9:53 a.m. · 11 views

CVE-2025-53440 WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/06/02 9:53 a.m. · 8 views

CVE-2025-53440

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · References 2
Cvelist
added 2026/06/02 9:53 a.m. · 38 views

CVE-2025-53440 WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1 CVSS · 0.00415 EPSS
Exploits 0 · References 1
EUVD
added 2026/06/02 9:53 a.m. · 10 views

EUVD-2025-210036

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · References 1
CVE
added 2026/06/02 9:53 a.m. · 21 views

CVE-2025-53440

CVE-2025-53440 describes a Local File Inclusion in the WordPress Confidant theme (versions <= 1.4) due to improper control of the filename for include/require in PHP. Affected component: Confidant WordPress theme. Root cause: PHP Local File Inclusion vulnerability enabling access to local file...

8.1 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/06/02 12:0 a.m. · 12 views

PT-2026-45728

Name of the Vulnerable Software and Affected Versions: Confidant versions prior to 1.5. Description: Improper control of filenames for include or require statements in the PHP program allows for Local File Inclusion. This occurs when the application fails to properly validate the file paths used in...

8.1 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · References 4
CNNVD
added 2026/06/02 12:0 a.m. · 6 views

WordPress plugin Confidant security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1 CVSS · 5.4 AI score · 0.00415 EPSS
Exploits 0 · References 1
Patchstack
added 2026/05/26 5:41 a.m. · 7 views

WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Confidant versions = 1.4...

8.1 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-2873

Malicious code in bioql PyPI...

4.8 CVSS · 6.4 AI score · 0.00347 EPSS
Exploits 0 · References 7
NVD
added 2024/09/20 8:15 p.m. · 11 views

CVE-2024-45793

Confidant is an open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...

4.8 CVSS · 0.00347 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/09/20 7:7 p.m. · 27 views

CVE-2024-45793 Cross-site Scripting from in Confidant API call

Confidant is an open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...

4.8 CVSS · 4.8 AI score · 0.00347 EPSS
Exploits 0 · References 4
Cvelist
added 2024/09/20 7:7 p.m. · 22 views

CVE-2024-45793 Cross-site Scripting from in Confidant API call

Confidant is an open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...

4.8 CVSS · 0.00347 EPSS
Exploits 0 · References 4
CVE
added 2024/09/20 7:7 p.m. · 84 views

CVE-2024-45793

CVE-2024-45793 affects Confidant, an open source secret management service. A cross-site scripting vulnerability exists in multiple API endpoints (for credentials and services) that can be triggered by an authenticated attacker with privileges to create new credentials, potentially exposing infor...

4.8 CVSS · 4.8 AI score · 0.00347 EPSS
Exploits 0 · References 4
OSV
added 2024/09/20 7:7 p.m. · 6 views

CVE-2024-45793 Cross-site Scripting from in Confidant API call

Confidant is an open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST...

4.8 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits 0 · References 6
Github Security Blog
added 2024/09/20 3:45 p.m. · 23 views

Prevent XSS from Confidant API call

Impact What kind of vulnerability is it? Who is impacted? Potential XSS from API calls below: GET /v1/credentials GET /v1/credentials/ GET /v1/archive/credentials/ GET /v1/archive/credentials POST /v1/credentials PUT /v1/credentials/ PUT /v1/credentials// GET /v1/services GET /v1/services/ GET...

4.8 CVSS · 5.9 AI score · 0.00347 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/09/20 3:45 p.m. · 13 views

GHSA-RXQ8-Q85F-M866 Prevent XSS from Confidant API call

Impact What kind of vulnerability is it? Who is impacted? Potential XSS from API calls below: GET /v1/credentials GET /v1/credentials/ GET /v1/archive/credentials/ GET /v1/archive/credentials POST /v1/credentials PUT /v1/credentials/ PUT /v1/credentials// GET /v1/services GET /v1/services/ GET...

5.1 CVSS · 4.9 AI score · 0.00347 EPSS
Exploits 0 · References 7
CNNVD
added 2024/09/20 12:0 a.m. · 4 views

Confidant cross-site scripting vulnerability

Confidant is a Lyft open source application. A cross-site scripting vulnerability exists in Confidant versions prior to 6.6.2, which stems from the presence of a cross-site scripting vulnerability that could allow an attacker to execute malicious scripts on another user's browser...

4.8 CVSS · 5.9 AI score · 0.00347 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/09/20 12:0 a.m. · 5 views

PT-2024-31774 · Confidant · Confidant

Name of the Vulnerable Software and Affected Versions: Confidant versions prior to 6.6.2 Description: The issue is a cross-site scripting XSS vulnerability that affects various API endpoints in Confidant, an open-source secret management service. These endpoints include GET /v1/credentials, GET...

5.1 CVSS · 5.6 AI score · 0.00347 EPSS
Exploits 0 · References 11