8921 matches found
MajorDoMo - Unauthenticated RCE
MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
CVE-2026-46638
Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...
CVE-2026-46638 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...
CVE-2026-57799
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...
CVE-2026-57800
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through = 1.5...
CVE-2026-57802
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...
CVE-2026-57801
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...
CVE-2026-57791
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...
CVE-2026-57793
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...
CVE-2026-57796
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through = 3.0.0...
CVE-2026-57795
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...
CVE-2026-57792
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through = 2.4.1...
CVE-2026-57790
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...
CVE-2026-57794
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue affects Golo Framework: from n/a through = 1.7.3...
EUVD-2026-43296
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...
CVE-2026-57802
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...
CVE-2026-57796
CVE-2026-57796 reports an "Improper Control of Filename for Include/Require Statement" in the VLThemes Leedo WordPress theme. The issue allows PHP Local File Inclusion due to improper filename handling in include/require statements, and affects Leedo versions from unknown start up through v3.0.0...
CVE-2026-57791
CVE-2026-57791 : Affected software is the WordPress Brook theme, <= 2.9.0. The issue is an improper validation/control of filenames in PHP include/require, enabling an PHP Local File Inclusion via a crafted filename. The NVD entry cites a CVSS v3.1 base score of 7.5 (HIGH) with network attack ...
CVE-2026-57788
CVE-2026-57788 describes an improper filename control in the Edge-Themes Aalto WordPress theme (Aalto