4509 matches found
CVE-2025-53438
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitLine fitline allows PHP Local File Inclusion.This issue affects FitLine: from n/a through = 1.6...
CVE-2025-66520 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling
A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...
CVE-2025-68389 Kibana Allocation of Resources Without Limits or Throttling
Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 of computing resources and a denial of service DoS of the Kibana process via a crafted HTTP request...
CVE-2025-40893
The CVE-2025-40893 issue affects Nozomi Networks Guardian/CMC Asset List functionality where improper validation of network traffic data allows stored HTML injection (XSS) via specially crafted packets. Unauthenticated attackers can insert HTML into asset attributes, which then renders in a victi...
EUVD-2025-204158
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue affects Tacticool: from n/a through = 1.0.13...
EUVD-2025-204164
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through = 1.6...
EUVD-2025-204176
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through = 1.8.0...
EUVD-2025-204224
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion.This issue affects Femme: from n/a through = 1.3.11...
PT-2025-52027
Name of the Vulnerable Software and Affected Versions AncoraThemes Emberlyn versions through 1.3.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
PT-2025-52031
Name of the Vulnerable Software and Affected Versions axiomthemes Plan My Day versions through 1.1.13 Description An issue exists in axiomthemes Plan My Day that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This could allow for unauthoriz...
PT-2025-52117
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Winger winger allows PHP Local File Inclusion.This issue affects Winger: from n/a through = 1.0.16...
PT-2025-52075
Name of the Vulnerable Software and Affected Versions axiomthemes Critique versions through 1.17 Description A flaw exists in axiomthemes Critique that allows for PHP Local File Inclusion due to an improper control of filename for include/require statement. This issue is related to a 'PHP Remote...
PT-2025-52068
Name of the Vulnerable Software and Affected Versions axiomthemes Good Mood versions through 1.16 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...
Kentico Xperience 跨站脚本漏洞
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...
libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...
ROS-20251217-7315
A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...
CVE-2025-68116 FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting XSS due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...
WordPress plugin Norebro Extra 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51749
Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1 Description WBCE CMS version 1.6.1 contains a cross-site scripting issue that enables attackers to inject malicious HTML and CSS. This allows for the capture of user keystrokes. Attackers can upload a specially crafted...
ROS-20251216-7362
A vulnerability in the Omnibox component of Google Chrome and Microsoft Edge browsers is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...