CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8787 matches found

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.9AI score0.02329EPSS

Exploits1References2

EUVD•added yesterday•4 views

EUVD-2026-34040

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.8AI score0.00018EPSS

Exploits0References5

Positive Technologies•added yesterday•6 views

PT-2026-46122

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.91.0 Description The LaTeX backend fails to validate path containment when handling the includegraphics, input, and include commands. This allows attackers to use path traversal sequences, such as ../../../etc/passw...

5.5CVSS5.9AI score

Exploits0References5

NVD•added 2 days ago•4 views

CVE-2026-42507

5.3CVSS0.00018EPSS

Exploits0References4

OSV•added 2 days ago•1 views

DEBIAN-CVE-2026-42507

5.3CVSS5.8AI score0.00018EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.0005EPSS

Exploits0References1

NVD•added 2 days ago•7 views

CVE-2026-39552

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

8.1CVSS0.00115EPSS

Exploits0References1

EUVD•added 2 days ago•2 views

EUVD-2025-210042

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2025-58897 WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2025-58897

8.1CVSS5.8AI score0.00115EPSS

Exploits0References2

Cvelist•added 2 days ago•31 views

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

8.1CVSS0.00115EPSS

Exploits0References1

CVE•added 2 days ago•6 views

CVE-2025-58707

The CVE-2025-58707 issue is a Local File Inclusion vulnerability in the WordPress Spin theme (Spin) versions up to 1.8. It arises from improper handling of filenames for include/require statements in a PHP program, enabling PHP LFI. Affected product: Axiomthemes Spin (WordPress Spin theme

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•4 views

CVE-2025-58707

8.1CVSS5.8AI score0.00115EPSS

Exploits0References2

Vulnrichment•added 2 days ago•5 views

CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•4 views

CVE-2026-39553

8.1CVSS5.8AI score0.00115EPSS

Exploits0References2

CVE•added 2 days ago•4 views

CVE-2026-39552

CVE-2026-39552 affects the WordPress Blueprint theme prior to 1.1.5, which suffers from an Improper Control of Filename for Include/Require (PHP Local File Inclusion). The vulnerability arises from inadequate validation of included/required filenames, enabling an attacker to cause local file incl...

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

Vulnrichment•added 2 days ago•3 views

CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

8.1CVSS5.8AI score0.00115EPSS

Exploits0References1

NVD•added 2 days ago•7 views

CVE-2025-58024

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

7.5CVSS0.00065EPSS

Exploits0References1

NVD•added 2 days ago•7 views

CVE-2025-58705

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12...

8.1CVSS0.00115EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by